Security Policy
Security Policy & Responsible Disclosure
At Impression Posters takes the security of our systems, customers, and visitors extremely seriously. We operate a modern e-commerce platform protected by Cloudflare Pro, regular vulnerability scanning, and up-to-date software. Despite our best efforts, no system is 100 % secure — if you believe you have discovered a vulnerability, we want to hear from you immediately.
How to report a security issue
- Email full details to: [email protected]
- Include a clear description, steps to reproduce, and proof-of-concept if possible
- Please encrypt your report with our PGP key if it contains sensitive information (available at /.well-known/pki-validation/339FAB7C380DFFF0C6D1A6E01653F221.txt)
We promise
- We will acknowledge receipt of your report within 24 hours (usually much faster)
- We will keep you updated throughout the fix process
- We will not take legal action against researchers who follow responsible disclosure practices
- Once verified and fixed, we’ll happily credit you in our hall of fame (unless you prefer to stay anonymous)
Out of scope / no-go zones
- Spam, phishing, or social-engineering attempts
- DDoS or brute-force attacks against the site
- Reports from automated scanners without accompanying proof-of-concept
This policy is effective as of December 2025 and applies to impressionposters.com and any subdomains.
Thank you for helping keep our customers safe.
— The Impression Posters Team