Vulnerability Disclosure
A responsible route for good-faith security reports.
- Status
- Public summary
- Version
- v1.0
- Stage
- Public informational - security contact active
- Last updated
- 15 June 2026
ANCHOR welcomes good-faith reports of suspected security vulnerabilities. This page describes how to report an issue responsibly and the testing boundaries that apply.
Status
A security contact route is active. Good-faith reports are read by the founder. This page sets out how to report responsibly; it does not offer a service level, a response-time commitment, or a support desk.
What to include in a report
A useful good-faith report includes:
- clear reproduction steps
- the affected URL or path
- screenshots or redacted evidence
- your contact details
Prohibited testing
The following activities are not authorised and must not be carried out against ANCHOR or its users:
- denial of service
- social engineering
- phishing
- physical attacks
- credential stuffing
- malware
- persistence or backdoors
- accessing, modifying, deleting, or exfiltrating customer or clinic data
- testing third-party services directly without authorisation
Security contact
Good-faith security reports may be sent to security@anchorvet.co.uk. This mailbox forwards to and is monitored by the founder. Please do not include clinic, client, patient, password, secret, or unnecessary personal data in a report.
For non-security enquiries, use the Trust Centre contact routes.
What this page is not
This page is not a bug bounty, not a safe-harbour guarantee, and not authorisation to access clinic or customer data. Reporting in good faith does not grant permission to access, modify, delete, or exfiltrate any data.
Important notice
ANCHOR helps clinics evidence responsible AI governance practices. It does not make a clinic compliant with any law or professional standard, and it does not replace veterinary judgement. These pages are prepared for transparency and solicitor review and are not legal advice.