This policy describes how to report security vulnerabilities affecting the Tuned Performance website.

In scope:

• tunedperformance.co.uk website content and static assets.
• Contact and booking form flow.
• Cookie consent and analytics controls.

Out of scope:

• Third-party services and infrastructure operated by external providers.
• Social media accounts or marketplace profiles not hosted on this domain.

Only the latest deployed site is supported for security updates.

Please report vulnerabilities privately:

• Email: info@tunedperformance.co.uk
• Subject: Security Vulnerability Report

Include:

• A clear description of the issue and impact.
• Affected URL(s) and steps to reproduce.
• Proof-of-concept details where possible.

• Initial acknowledgement target: within 5 business days.
• Triage and remediation timing depends on severity and complexity.

• Do not access, alter, or exfiltrate customer data.
• Do not perform denial-of-service testing.
• Keep testing lawful and limited to your own traffic.

Please allow reasonable remediation time before public disclosure. When appropriate, validated findings may be acknowledged by name or alias.

Machine-readable policy:

• https://tunedperformance.co.uk/.well-known/security.txt