Effective Date: March 27, 2025

MOregon Shutters ("Company," "we," "our," or "us") is committed to maintaining the security and integrity of our website, systems, and customer data. This Security Vulnerability Disclosure Policy outlines our approach to identifying, reporting, and addressing security vulnerabilities.

Reporting Security Vulnerabilities If you discover a security vulnerability related to our website, services, or systems, we encourage you to report it to us as soon as possible. Please follow these guidelines when reporting:

♦ Provide a detailed description of the vulnerability, including steps to reproduce it.
♦ Include any relevant URLs, system configurations, or screenshots.
♦ Do not publicly disclose the vulnerability before we have had an opportunity to investigate and address the issue.
♦ Do not attempt to exploit the vulnerability or access unauthorized data.

Scope This policy applies to security vulnerabilities related to:

♦ Our website and online platforms
♦ Customer account security
♦ Data privacy risks and potential leaks
♦ Unauthorized access vulnerabilities
♦ Other technical security concerns impacting MOregon Shutters and its users

What Is Not Covered The following types of reports are not covered under this policy:

♦ Physical security vulnerabilities
♦ Social engineering attacks (e.g., phishing attempts not directly linked to our systems)
♦ Spam or fraudulent emails impersonating MOregon Shutters
♦ Issues related to outdated browsers or unsupported third-party software

Response and Remediation Upon receiving a valid vulnerability report, we will:

1. Acknowledge receipt of your report within a reasonable timeframe.

2. Investigate the issue and assess its severity.

3. Take necessary steps to resolve the vulnerability.

4. Provide updates on the remediation progress, when appropriate.

5. Notify relevant stakeholders if customer data or systems are impacted.

Responsible Disclosure We request that security researchers and reporters:

♦ Act in good faith and follow ethical security research practices.
♦ Refrain from any activity that could harm MOregon Shutters, its users, or its services.
♦ Allow reasonable time for us to investigate and address the issue before public disclosure.

No Compensation Policy At this time, MOregon Shutters does not offer monetary rewards or bug bounty payments for security vulnerability reports. However, we appreciate and recognize the efforts of ethical security researchers in helping us maintain a secure platform.

Changes to This Policy MOregon Shutters reserves the right to update this Security Vulnerability Disclosure Policy at any time. Changes will be posted on our website, and continued engagement with our services implies acceptance of the updated policy.