Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

Last updated: May 2026 — Digitalifes Ltd trading as Keviq

Our Commitment to Security

At Keviq, operated by Digitalifes Ltd, we take the security of our website and our customers’ data seriously. We welcome responsible disclosure of any security vulnerabilities found on keviq.uk.

If you believe you have found a security vulnerability on our website, please report it to us as described below. We ask that you act in good faith and give us the opportunity to investigate and address the issue before any public disclosure.

Scope

This policy applies to security vulnerabilities found on:

  • The keviq.uk website and all its subdomains
  • Our customer-facing checkout and account systems
  • Any service directly operated by Digitalifes Ltd under the Keviq brand

This policy does not apply to third-party services we use (such as Stripe, Amazon Pay, or Yunexpress). Please report vulnerabilities in those services directly to the respective providers.

How to Report a Vulnerability

Please report any security vulnerabilities by emailing us at:

support@keviq.uk

Please include the following information in your report:

  • A clear description of the vulnerability
  • The URL or area of the website affected
  • Steps to reproduce the issue
  • Any potential impact you have identified
  • Your contact details (optional, but helpful if we need to follow up)

What We Will Do

When you submit a vulnerability report, we commit to:

  • Acknowledge receipt of your report within 3 business days
  • Investigate the reported vulnerability promptly
  • Keep you informed of our progress where possible
  • Work to resolve confirmed vulnerabilities in a timely manner
  • Notify you when the issue has been resolved

Responsible Disclosure Guidelines

We ask that you:

  • Do not access, modify, or delete data that does not belong to you
  • Do not disrupt our services or degrade the user experience for others
  • Do not exploit the vulnerability beyond what is necessary to demonstrate it
  • Do not share details of the vulnerability publicly before we have had a reasonable opportunity to address it
  • Act in good faith at all times

Researchers who follow these guidelines and report vulnerabilities responsibly will not face legal action from Digitalifes Ltd in connection with their research.

Contact

For security-related reports or any questions about this policy:

Digitalifes Ltd trading as Keviq
71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
Email: support@keviq.uk
Hours: Monday to Saturday, 9am – 5pm GMT