Vulnerability Disclosure Policy

Last Updated: April 14, 2026

Our Commitment

Otter Products, LLC (“we”) is committed to maintaining the security of our digital properties and protecting our systems and the information we process as part of providing our products and services, including customer, reseller, distributor, and vendor information. We appreciate the efforts of individuals who responsibly report potential security vulnerabilities, so they can be reviewed and addressed appropriately.

This Vulnerability Disclosure Policy (“Policy”) outlines how you can report potential security vulnerabilities and sets our expectations for your responsible disclosure.

Scope

This Policy applies to previously unknown, original security vulnerabilities affecting our websites, applications, or systems.

The following are out of scope and are not covered by this Policy:

  • Security vulnerabilities that are already known internally or have been previously reported;
  • Denial of service (DoS), distributed denial of service (DDoS), or other volumetric or availability-based attacks;
  • Social engineering, phishing, or physical security attacks; and
  • Issues resulting from misconfigured client devices, browsers, or third-party services outside our control.

Authorized Activity

We do not authorize security research, testing, scanning, probing, or other interactions that could reasonably be interpreted as an attack against our websites, applications, systems, or users.

Any activity that degrades service availability, accesses data without permission, circumvents our controls, or impacts our customers or operations is not permitted, even if conducted with good intentions.

Submission of a security vulnerability report does not grant you permission to perform further testing or verification.

Bug Bounty

We do not currently operate a paid bug bounty program, and do not offer compensation, rewards, or public acknowledgement in exchange for reported security vulnerabilities.

How to Report a Vulnerability

If you believe you have identified a security vulnerability that falls within the scope of this Policy, please submit a security vulnerability report to bugs@otterproducts.com.

To help us efficiently evaluate your report, please include:

  • A clear description of the issue;
  • The affected system, page, or endpoint;
  • Steps to reproduce the security vulnerability (if applicable); and
  • Any relevant screenshots or non-sensitive logs.

Please do not include sensitive personal data, payment information, or actual customer data in your report.

Our Handling Process

Upon receipt of a qualifying security vulnerability report, we will:

  • Review the submission to validate the issue.
  • Assess potential impact and risk.
  • Determine appropriate remediation actions.

Due to operational and security considerations, we may not provide status updates, timelines, or detailed outcomes for reported issues.

No Guarantee of Action or Response

Submission of a security vulnerability report does not guarantee a response, remediation, or acknowledgment. We retain sole discretion over how reported issues are handled, prioritized, or resolved.

Safe Harbor

This Policy is intended to encourage responsible reporting of security vulnerabilities; however, we reserve all legal rights and remedies and do not waive any protections, defenses, or claims by receiving or reviewing security vulnerability reports.

Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. This Policy is effective as of the last date it was updated.

Recognition

We recognize the efforts of individuals who chose to responsibly disclose potential security vulnerabilities in accordance with this Policy and have helped contribute to a safer online environment:

  • Sumit Tiwari
  • Mridul Vohra
  • Zain Iqbal
  • Sundarr Insa
  • Kunal Mhaske
  • G. Bharath Kalyan
  • Abdul Rauf Memon
  • Mohd Farzaan
  • Yash Raj
  • Oluwafemi Adeleye
  • David Stephenson
  • Aqib Naeem
  • Parth Narula