Skip to content
SATER — Electronics & appliance repair
WhatsApp

Vulnerability Disclosure Policy

Coordinated Vulnerability Disclosure (CVD) for sater.lv

Last updated: April 15, 2026

1. Purpose and scope

SIA «Sadzīves tehnikas remonts SATER» (reg. no. 40103109155) operates the website sater.lv. We are a small electronics repair service centre in Riga, Latvia. This policy describes how to report security vulnerabilities discovered on our website or in the associated infrastructure.

We embrace the principles of Coordinated Vulnerability Disclosure (CVD) and welcome good-faith security researchers who report issues responsibly.

2. What to report

Please report vulnerabilities that directly affect our website or infrastructure. Examples of issues we are interested in:

  • Vulnerabilities enabling unauthorised access to site data or server infrastructure
  • Cross-site scripting (XSS) or code injection
  • Insecure HTTP header or TLS configuration
  • Open redirects or phishing risks associated with our domain
  • Exposure of sensitive technical information via publicly accessible server responses

3. How to report a vulnerability

Please send a detailed report to our security email address. Include: a description of the vulnerability, steps to reproduce, potential impact, and your contact details (anonymous reports are accepted).

security.txt

Machine-readable contact information for security researchers is available at /.well-known/security.txt per RFC 9116.

4. What we ask of researchers

When conducting security research, please observe the following rules:

  • Do not disrupt site availability or conduct denial-of-service attacks (DoS/DDoS)
  • Do not access or modify data that does not belong to you
  • Do not disclose the vulnerability publicly before we have had the opportunity to remediate it
  • Test only within our domain (sater.lv) and do not affect third-party services
  • Act in good faith and with the minimum necessary interference

5. Our commitments

We commit to:

  • Acknowledging receipt of your report within 5 business days
  • Keeping you informed of remediation progress
  • Taking no legal action against researchers acting in good faith within the scope of this policy
  • Treating all reports confidentially and not disclosing your details without your consent

We are a small service centre. We do not operate a bug bounty programme. We are genuinely grateful to researchers who help us keep the site secure.

6. Out of scope

The following are outside the scope of this policy:

  • Vulnerabilities in third-party services (Vercel, Google Analytics, Microsoft Clarity, etc.) — report these directly to the respective vendors
  • Social engineering attacks or phishing targeting our staff
  • Physical security of our premises
  • Spam or email reputation issues
  • Issues with no practical security impact

7. Contact information

  • Company: SIA «Sadzīves tehnikas remonts SATER»
  • Address: Silmaču iela 6, Rīga, LV-1012, Latvija
  • Security email: security@sater.lv
  • Phone: +371 67377002
  • Reg. No.: 40103109155