
Responsible Disclosure Policy

At Douvery we value the security and privacy of our users. We appreciate the collaboration of security researchers and users who help us keep our platform secure through responsible disclosure of vulnerabilities.

Program Scope

The following areas are within the scope of our responsible disclosure program:

  • Main Web Platform
    Web applications accessible through douvery.com and its official subdomains.
  • APIs and Backend Services
    API endpoints used by our platform to process transactions, authentication, and user data.
  • Mobile Applications
    Official Douvery mobile applications available in official stores.
  • Payment Infrastructure
    Systems related to secure payment and transaction processing.

Research Guidelines

To participate in our responsible disclosure program, we ask you to follow these guidelines:

  • No Unauthorized Access
    Do not access, modify, or delete data that doesn't belong to you. Only use your own test accounts.
  • User Privacy
    Respect the privacy of our users. Do not access, copy, or disclose personal data of other users.
  • Do Not Disrupt Services
    Avoid performing tests that could degrade or disrupt our services (DoS attacks, mass spam, etc.).
  • Responsible Disclosure
    Report vulnerabilities directly to us before disclosing them publicly. Give us reasonable time to fix them.
  • Detailed Documentation
    Provide detailed information about the vulnerability including steps to reproduce, potential impact, and mitigation recommendations.

Out of Scope

The following types of vulnerabilities and behaviors are NOT covered by this policy:

  • Social Engineering
    Phishing, vishing, or any form of social engineering attacks against employees or users.
  • Physical Attacks
    Unauthorized physical access to offices, data centers, or Douvery equipment.
  • Third-Party Services
    Vulnerabilities in third-party services or applications we don't directly control.
  • Configuration Issues
    DNS, SSL/TLS, or security header configuration issues without a demonstrable real impact.
  • Known Vulnerabilities
    Vulnerabilities already reported by other researchers or being actively fixed.

Reporting Process

Follow these steps to report a security vulnerability:

  • 1. Send Your Report
    Send a detailed email to security@douvery.com with all relevant information about the vulnerability.
  • 2. Confirmation
    You will receive confirmation of receipt within 48 business hours.
  • 3. Initial Assessment
    Our team will evaluate the vulnerability and respond with an initial assessment within 5 business days.
  • 4. Progress Update
    We will keep you informed about the progress of the fix and any additional information we need.
  • 5. Resolution
    Once the vulnerability is fixed, we will notify you and coordinate public disclosure if appropriate.

Legal Protection (Safe Harbor)

We commit to the following guarantees for researchers acting in good faith:

  • No Legal Action
    We will not initiate legal action against researchers who comply with this policy and act in good faith.
  • Collaboration with Authorities
    We will not collaborate with authorities to prosecute researchers who follow these guidelines.
  • Public Recognition
    With your consent, we may publicly acknowledge your contribution in our security Hall of Fame.
  • Transparent Communication
    We will maintain open and transparent communication throughout the disclosure process.

Frequently Asked Questions

Do you offer monetary rewards for vulnerabilities?
We currently do not have a bug bounty program with monetary rewards. However, we value each report and offer public recognition in our security Hall of Fame.

How long should I wait before disclosing publicly?
We ask you to wait at least 90 days from the initial report or until the vulnerability is fixed, whichever comes first. In exceptional cases, we may agree on a different period.

Can I use automated scanning tools?
Yes, but in moderation. Avoid aggressive scans that could affect the performance of our services. Notify us in advance if you plan to perform extensive scans.

What if I find exposed sensitive data?
Report it immediately without accessing, copying, or disclosing the data. Include enough information for us to verify the issue without revealing specific user data.

Can I create test accounts for research?
Yes, you can create test accounts using your own real data. Do not create accounts with false information or with other people's information.

Contact Information

To report security vulnerabilities, contact our security team:

Security Email: security@douvery.com

PGP Key: Available upon request for encrypted communications
