Vulnerability Disclosure Policy

At Blitz Home Appliances, we are committed to protecting the security, privacy, and integrity of our systems, websites, connected products, and customer information. This Vulnerability Disclosure Policy explains how security researchers can responsibly report potential vulnerabilities, and how we work together to review and address these issues.

We welcome responsible security research. If you follow the guidelines outlined in this policy and act in good faith, your research will be considered authorized, and Blitz Home Appliances will not take or recommend legal action as a result of your findings.

Please note: Blitz Home Appliances does not operate a bug bounty program and does not offer rewards or financial compensation for vulnerability submissions.


Guidelines for Responsible Disclosure

To ensure a safe and coordinated process, security researchers should follow these guidelines:

  • Notify us as soon as possible after discovering a confirmed or potential security issue.
  • Make every effort to avoid:
    • privacy violations;
    • disruption of services;
    • degradation of user experience;
    • destruction, modification, or unauthorized access to data.
  • Use exploitation only to confirm the presence of a vulnerability.
  • Do not attempt to:
    • access personal or financial data;
    • establish persistent access;
    • pivot to other internal or external systems;
    • exfiltrate or copy data.
  • Provide us with a reasonable amount of time to investigate and resolve the issue before public disclosure.
  • Stop testing immediately if you encounter:
    • personally identifiable information;
    • financial or confidential data;
    • system instability or unintended behavior.

Reporting a Vulnerability

To report a vulnerability, please email us at:

Email: service@blitzappliances.com

To help us evaluate your submission effectively, please include:

  • The date and time the issue was discovered
  • The website, product, or system affected
  • Detailed steps to reproduce the vulnerability
  • Any proof-of-concept files, screenshots, or logs (if available)
  • Optional remediation ideas or suggestions

Blitz Home Appliances commits to acknowledging all valid submissions within 3 business days.

For disclosures related to connected (IoT) products, we will provide periodic updates until the issue is resolved.


Scope

This policy applies to the following:

  • All Blitz Home Appliances websites owned or managed by the company
  • Internet-facing business systems
  • Connected (IoT) products and associated mobile apps
  • Cloud services and APIs used by our products

Out of Scope (Prohibited Activities)

The following activities are not permitted under this policy:

  • Social engineering or phishing attempts targeting Blitz employees
  • Denial-of-Service (DoS/DDoS) attacks
  • Physical attacks on Blitz facilities, offices, or data centers
  • Attempts to access private customer accounts or personal data
  • Any action intended to harm, disrupt, or degrade services
  • Activities that violate applicable laws or regulations

If you are unsure whether an activity is allowed, please contact us before proceeding.


Questions or Additional Information

If you have questions about this policy, the scope, or whether your research activity complies with responsible disclosure practices, please contact us at:

Blitz Home Appliances
Contact Page: https://chooseblitz.com/pages/contact
(Please include your order number in all messages.)

We appreciate your help in strengthening the security of Blitz Home Appliances products and systems.