Security & Disclosure

Report Security Issue

Last Updated: March 2026

If you’ve identified a potential security vulnerability on Hananoa.com, we encourage you to contact us promptly. We review all legitimate reports and aim to address valid issues as quickly as possible. Please review the guidelines below before submitting a report.

Fundamentals

If you follow the principles below when reporting a security issue to Hananoa, we will not initiate legal action or enforcement activity in response to your report, provided your actions were carried out in good faith and in accordance with these guidelines.

We ask that:

  • You give us reasonable time to investigate and fix the issue before publicly disclosing it.
  • You do not access private accounts, personal data, or restricted information without permission.
  • You make a good-faith effort to avoid privacy violations, service disruption, or data destruction.
  • You do not exploit the issue for personal gain or to access sensitive information.
  • You comply with all applicable laws and regulations.

Bounty Program

We appreciate security researchers who help us protect our platform by responsibly reporting vulnerabilities. Bounties, if offered, are awarded at Hananoa’s discretion and depend on report quality, impact, and reproducibility.

To potentially qualify for consideration, you should:

  • Follow the fundamentals listed above.
  • Report a valid security issue that presents a genuine privacy or security risk.
  • Submit the report directly to our security contact and not to unrelated employees or public channels.
  • Disclose any unintended privacy impact or disruption caused during testing.
  • Provide enough detail for our team to reproduce and evaluate the issue.

Rewards

If we choose to offer a reward, it will generally depend on the severity, exploitability, impact, and clarity of the report. Reports that cannot be reproduced may not be eligible for recognition or reward.

General reward approach:

  • The first valid report of a specific issue is generally the one considered.
  • Multiple reports tied to the same underlying issue may be treated as one issue.
  • Higher-quality reports with clear steps, evidence, and impact details receive higher priority.

Severity Examples

Critical Severity

  • Remote code execution
  • Authentication bypass leading to full account access
  • SQL injection exposing sensitive customer or administrative data

High Severity

  • Stored XSS affecting other users
  • Exposure of sensitive internal information
  • Improper handling of authentication or session controls

Medium Severity

  • Business logic flaws with security impact
  • Insecure direct object references

Low Severity

  • Open redirects
  • Reflected XSS with limited impact
  • Low-sensitivity information disclosure

How to Submit a Report

When contacting us, please include as much detail as possible so we can evaluate the issue efficiently.

  • A clear description of the issue
  • Steps to reproduce the vulnerability
  • The affected page, feature, or endpoint
  • Any screenshots, logs, or proof-of-concept details that help explain the problem
  • Your contact information for follow-up communication

Contact Information

πŸ“ Address: 12820 Go Wy Ave, Pocatello, ID 83202, USA

βœ† Phone: +1 208 844 3721

βœ‰ Email: Contact@hananoa.com

Business Hours

πŸ•’ Store Hours:

Monday – Saturday: 9:00 AM – 5:00 PM

Sunday: Closed