Responsible Disclosure
We take the security of our systems seriously. If you discover a vulnerability, please let us know as soon as possible so we can fix it.
Scope
This policy applies to all systems operated by fietsplaat.nl, including the website, web shop and connected integrations.
How to report a vulnerability
Send your report to our security team. Include the type of vulnerability, the affected URL or component, reproduction steps, and — if possible — a suggested fix.
If the address above doesn't work, use info@fietsplaat.nl with "Security" in the subject line.
Rules of engagement
- Do not share the vulnerability with others until it has been resolved.
- Do not exploit the vulnerability, e.g. by downloading more data than necessary to demonstrate the issue.
- Do not modify or delete data in our systems.
- Do not use attacks involving physical security, social engineering, DDoS, spam or third-party applications.
- Provide enough information to reproduce the vulnerability so we can fix it.
Our commitment
- We will respond within 5 business days with an assessment and an expected resolution timeline.
- We will keep you updated on our progress.
- We will not take legal action against you if you follow the rules above.
- In consultation with you, we can credit you in our hall of fame as thanks for your report.
Out of scope
- Vulnerabilities in third-party systems (e.g. Shopify, hosting, Meta) — please report those directly to the relevant party.
- Missing security headers without demonstrable impact.
- Reports from automated scanners without manual verification.