Security

The UX Shop takes security seriously. This page describes our security practices and how to report vulnerabilities.

Our security practices

Infrastructure

  • HTTPS everywhere: All connections to the site use TLS encryption
  • Cloudflare protection: We use Cloudflare for DDoS protection and edge security
  • Static hosting: The site is statically generated, reducing attack surface
  • No database: We don't maintain a database that could be breached

Data handling

  • Minimal collection: We collect only what's necessary to operate
  • No sensitive storage: We don't store passwords, payment info, or sensitive personal data
  • Client-side tools: Our tools run in your browser—data doesn't leave your device

Access control

  • Limited access: Only necessary personnel have access to hosting and email systems
  • Secure authentication: We use strong authentication for all administrative access
  • Regular review: We periodically review access permissions

Reporting vulnerabilities

If you discover a security vulnerability, we appreciate responsible disclosure.

What to report

  • Security vulnerabilities in the site or its infrastructure
  • Privacy issues with data handling
  • Ways to access unauthorized content or functionality
  • Cross-site scripting (XSS), injection, or similar issues

How to report

Email security issues to: security@theuxshop.com

Please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information (optional, but helpful for follow-up)

What to expect

  • Acknowledgment: We'll acknowledge receipt within 2 business days
  • Assessment: We'll investigate and assess the severity
  • Updates: We'll keep you informed of our progress
  • Resolution: We'll work to fix confirmed vulnerabilities promptly
  • Credit: With your permission, we'll credit you for the discovery

What we ask

  • Don't exploit vulnerabilities beyond what's necessary to demonstrate the issue
  • Don't access other users' data or accounts
  • Don't disrupt service for other users
  • Give us reasonable time to fix issues before public disclosure (typically 90 days)

Security headers

We implement security headers to protect users:

  • Content-Security-Policy: Restricts resource loading
  • X-Content-Type-Options: Prevents MIME sniffing
  • X-Frame-Options: Prevents clickjacking
  • Referrer-Policy: Controls referrer information
  • Permissions-Policy: Restricts browser features

Browser security

The site is designed to work with modern browsers' security features:

  • We don't require disabling security settings
  • We support Content Security Policy
  • We use secure cookies where cookies are necessary

Questions

For general security questions (not vulnerabilities), email hello@theuxshop.com.

For vulnerability reports, use security@theuxshop.com.


Last reviewed: January 2026