AH-RIN — SECURITY & VULNERABILITY DISCLOSURE STATEMENT

Last Updated: 26 April 2026

Applies to: United Kingdom, European Union & All International Customers

AH-RIN ENTERPRISES LLC (“AH-RIN”, “we”, “us”, “our”) is committed to maintaining a secure ecommerce environment for all customers. While Shopify hosts most of our platform infrastructure, we recognize the importance of responsible security reporting and provide this policy to guide individuals who believe they have discovered vulnerabilities affecting our systems.

This Statement does not create contractual rights, a bug-bounty programme, or financial reward. It exists solely to support responsible, good-faith disclosure.

1. Commitment to Responsible Security

AH-RIN takes security seriously and encourages ethical reporting of potential vulnerabilities. We aim to:

· Investigate valid reports promptly
· Resolve confirmed issues where technically feasible
· Maintain the confidentiality of the reporter
· Avoid unnecessary legal escalation when disclosures follow this Policy

2. Scope of This Policy

This Statement applies to potential vulnerabilities involving:

· The AH-RIN Shopify storefront
· Public-facing pages
· Interactive website features
· Contact forms
· Support channels (email, text, phone)
· Customer account interfaces

Out of Scope (not permitted to test):

· Shopify core infrastructure
· Payment gateway systems (Shopify Payments and other approved international gateways)
· Courier systems or tracking portals
· Third-party Shopify apps
· Our fulfilment center systems in South Korea
· Any non-public AH-RIN staff systems
· DNS, email servers, or Google Workspace

Testing these systems may violate laws or third-party terms.

3. Responsible Disclosure Guidelines

To minimize harm, security researchers must:

3.1 Act in Good Faith

· Avoid accessing customer data
· Stop testing immediately upon discovering sensitive information
· Not disrupt services
· Not engage in brute-force, denial-of-service, or spam attacks
· Not modify or delete data
· Not use automated tools that create excessive traffic

3.2 Provide Sufficient Information

Reports should include:

· Description of the vulnerability
· Steps to reproduce
· Potential impact
· Screenshots or proof-of-concept (if safe)
· Browser, device, and environment details

3.3 Use the Official Reporting Channel

Send all reports to: 📧 support@ah-rin.com

4. Prohibited Activities

For your protection and ours, researchers may not:

· Access or attempt to access private customer accounts
· Perform social engineering against AH-RIN staff
· Execute malware, ransomware, or harmful scripts
· Engage in phishing, credential harvesting, or spoofing
· Test payment systems
· Attempt man-in-the-middle attacks
· Modify Shopify or app code
· Attempt to exploit shipping or customs systems

Any such activity may be treated as malicious.

5. What AH-RIN Promises in Return

If you follow this policy and act ethically and in good faith:

· We will not pursue legal action
· We will acknowledge your report (typically within 7–14 days)
· We will investigate and fix valid vulnerabilities
· We will keep your identity confidential if requested

AH-RIN does not offer:

· Monetary rewards
· Store credits
· Bug-bounty payments

This is strictly a safe-harbor disclosure policy, not a reward programme.

6. Exclusions & Limitations

The following are not considered vulnerabilities:

· Missing security headers that do not pose a real threat
· Outdated browser warnings
· Missing DNS records unrelated to security
· Clickjacking on static, non-sensitive pages
· Rate-limiting on search or cart pages
· Inability to brute-force (rate limits working as intended)
· Publicly known third-party script behavior
· 404/403 error leakage
· Suggestions for improvement that aren’t security issues

7. Legal & Jurisdiction Notice

Attempting to exploit vulnerabilities outside this Policy, or engaging in malicious activity, may result in:

· Account termination
· Order cancellation
· Fraud reporting
· Legal action under applicable cybercrime laws, including the UK Computer Misuse Act 1990, the US Computer Fraud and Abuse Act (CFAA), and other international frameworks.

This Policy is governed by the laws of the State of Wyoming, USA, and all disputes fall under the jurisdiction of the courts of the State of Wyoming.

8. Updates to This Policy

AH-RIN may modify or update this Policy at any time. Updates take effect immediately once posted.

9. Contact Information

For responsible disclosure, contact:

Company Information:

AH-RIN ENTERPRISES LLC

5830 E 2nd St, Ste 7000

Casper, WY 82609

United States

Contact Information:

📧 support@ah-rin.com

📞 +1 (307) 316-1635