Vulnerability Disclosure Policy

We take the security of our platform seriously. If you believe you have found a security vulnerability in any RxSure or QASTCO Limited system, we encourage you to report it to us responsibly.

How to Report

Email: security@qastco.com
Subject line: Vulnerability Disclosure — [brief description]

Please include:

• Description of the vulnerability and its potential impact
• Steps to reproduce the issue
• Any relevant screenshots, logs, or proof-of-concept code

What You Can Expect From Us

• Acknowledgement within 2 business days
• We will investigate all reports promptly
• We aim to remediate confirmed vulnerabilities within 90 days
• We will keep you informed of progress where possible

Our Commitment to You

• We will not take legal action against researchers who report vulnerabilities in good faith
• We will not share your personal details with third parties without your consent
• We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to fix it

Scope

This policy covers:

• rxsure.co.uk — public website
• practitioner.rxsure.co.uk — clinical portal
• patient.rxsure.co.uk — patient portal
• Any other service operated by QASTCO Limited

Out of Scope

The following are not covered by this policy:

• Social engineering or phishing attempts against our staff
• Physical security issues
• Denial of service attacks
• Issues in third-party services we use (report directly to those providers)

For general security questions, contact contact@rxsure.co.uk.

QASTCO Limited (trading as RxSure)
Company Number: 13426888 • ICO Registration: ZB261485