Report a Security Issue
At Kitchen4 we take the security of our website and our customers’ data seriously. We welcome good-faith reports from security researchers and members of the public who identify potential vulnerabilities in our systems. This page explains how to report an issue responsibly and what you can expect from us in return.
How to report a security issue
If you believe you have found a security vulnerability affecting Kitchen4 (kitchen4.co.uk), please email us at help@kitchen4.co.uk with the subject line “Security Report”. So that we can investigate quickly and effectively, please include as much detail as you reasonably can.
What to include
- A clear description of the vulnerability and its potential impact.
- The affected URL, page or feature.
- Step-by-step instructions to reproduce the issue, including any proof of concept.
- Any supporting screenshots, logs or request/response details.
- Your name or a handle if you would like to be credited, and how we can contact you.
Please do not include real customer data in your report. If you inadvertently access personal data during your testing, stop immediately, do not save or share it, and let us know what happened.
Our commitment to you
When you submit a report in good faith, we will:
- Acknowledge your report, normally within a few working days.
- Investigate the issue and work to validate and reproduce it.
- Keep you informed of our progress where appropriate, and let you know once the issue is resolved.
- Treat your report confidentially and handle any personal data in line with UK GDPR and the Data Protection Act 2018.
Safe harbour for good-faith research
We will not pursue or support legal action against researchers who act in good faith and make a genuine effort to comply with this policy. To stay within scope, please:
- Avoid any activity that violates the privacy of our customers or staff.
- Never destroy, alter or exfiltrate data, and never disrupt or degrade our services.
- Only interact with accounts you own or have explicit permission to test.
- Give us a reasonable opportunity to fix the issue before disclosing it publicly.
Out of scope
The following are generally not eligible under this policy:
- Denial-of-service (DoS/DDoS) or volumetric/load testing.
- Spam, phishing or bulk-messaging techniques.
- Social engineering of our staff, customers or suppliers, and physical attacks.
- Reports from automated scanners without a demonstrable, exploitable impact.
Rewards
We do not currently operate a paid bug bounty programme, so reports are made on a voluntary basis and we are unable to offer monetary rewards. We are, however, genuinely grateful for every responsible disclosure and are happy to credit researchers who help us keep Kitchen4 safe, where they wish to be named.
A note on consumer rights and data
This policy relates to the technical security of our website. It does not affect your statutory rights as a consumer under the Consumer Rights Act 2015 or the Consumer Contracts Regulations 2013, nor your rights over your personal data under UK GDPR and the Data Protection Act 2018. If your query concerns a purchase, delivery or return, please contact our customer help team instead.
Business details
Kitchen4 is a trading name of:
- Legal entity: ADFUR LIMITED
- Company number: 16951205 (registered in England & Wales)
- Registered address: 253 Alcester Road South, Birmingham, West Midlands, B14 6DT, United Kingdom
- Email: help@kitchen4.co.uk
- Phone: +44 121 409 1141 (Mon–Fri 9:00am–5:00pm)