# Estako Yarns — Security Disclosure Policy
# Format: RFC 9116 (security.txt)
# Last updated: 2026-05-26

# ===========================================================================
# PRIMARY CONTACT
# ===========================================================================
Contact: mailto:esref@estakoyarns.com
Contact: https://www.estakoyarns.com/pages/contact-us

# ===========================================================================
# EXPIRATION (must be updated annually per RFC 9116)
# ===========================================================================
Expires: 2027-05-26T00:00:00Z

# ===========================================================================
# PREFERRED LANGUAGES
# ===========================================================================
Preferred-Languages: en, tr, ar

# ===========================================================================
# CANONICAL URL
# ===========================================================================
Canonical: https://www.estakoyarns.com/security.txt
Canonical: https://www.estakoyarns.com/.well-known/security.txt

# ===========================================================================
# POLICY
# ===========================================================================
Policy: https://www.estakoyarns.com/pages/security-txt

# Brief policy summary:
#
# 1. Coordinated disclosure encouraged. Please give us 90 days to remediate
#    before public disclosure.
#
# 2. Please do NOT:
#    - Run automated vulnerability scanners against production checkout
#    - Test with real payment information
#    - Access or modify customer data
#    - Perform DDoS or resource exhaustion attacks
#    - Social engineer Estako staff
#
# 3. Please DO:
#    - Report vulnerabilities in good faith
#    - Provide enough technical detail for reproduction
#    - Give us reasonable time to fix before disclosure
#    - Test against your own test orders only
#
# 4. Scope:
#    - https://www.estakoyarns.com (main storefront)
#    - Estako mobile experience (via Shopify)
#
# 5. Out of scope:
#    - Shopify platform vulnerabilities (report to Shopify HackerOne)
#    - Third-party Shopify apps (report to app developer)
#    - Cloudflare infrastructure (report to Cloudflare)
#    - DNS/email provider infrastructure

# ===========================================================================
# ACKNOWLEDGMENTS
# ===========================================================================
# We publicly thank security researchers who responsibly disclose vulnerabilities
# (with their permission).

# ===========================================================================
# RELATED FILES
# ===========================================================================
# /robots.txt — crawler access policy
# /pages/llms-txt — AI search reference
# /pages/ai-txt — AI usage policy
# /pages/humans-txt — site team info
# /agents.md — agent operation instructions
# /.well-known/ucp — Universal Commerce Protocol discovery

# End of security.txt