Online Pharmacy (onlinepharmacy.pk) handles sensitive personal and health data for thousands of customers across Pakistan. The security of our platform is therefore a critical priority. We welcome responsible disclosure from security researchers and the wider community who identify potential vulnerabilities in our systems — and we commit to responding seriously, promptly, and professionally.
1. Our Commitment
- Acknowledge all valid vulnerability reports within 3 business days
- Provide an initial triage and assessment within 10 business days
- Keep you informed throughout the investigation and remediation process
- Not take any legal action against researchers acting in good faith under this policy
- Credit researchers publicly (with their permission) for verified, fixed vulnerabilities
- Prioritise and urgently remediate high and critical severity findings
2. Scope — What You Can Test
In Scope
- onlinepharmacy.pk and all its subdomains (www, checkout, account, api, etc.)
- Customer-facing web application features (login, registration, checkout, prescription upload, order tracking, account management)
- Public-facing APIs consumed by the onlinepharmacy.pk platform
- Mobile-optimised website and progressive web app (if applicable)
Out of Scope
- Social engineering, phishing, or vishing attacks targeting our staff or customers
- Physical attacks against offices, hardware, or personnel
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks
- Automated high-volume scanning without prior written authorisation
- Third-party platforms we do not control (e.g., payment gateways, courier partner portals)
- Vulnerabilities requiring physical access to a customer’s device
- Missing HTTP headers that do not represent a directly exploitable risk
3. Responsible Research Guidelines
When researching and reporting potential vulnerabilities, please:
- Only test systems and services explicitly listed as in-scope above
- Avoid accessing, modifying, exfiltrating, or deleting data belonging to any other user or the company
- Do not perform any test that could degrade or disrupt our service for real customers
- Do not exploit any vulnerability beyond the minimum necessary to demonstrate its existence
- Refrain from disclosing vulnerability details publicly until we have confirmed remediation (coordinated disclosure)
- Conduct all testing with your own accounts and test data — never with real customer accounts
4. How to Report
Report potential vulnerabilities to our security team:
- Email: security@onlinepharmacy.pk
- Subject: “Vulnerability Report — [Brief Description]”
Please include in your report:
- Clear description of the vulnerability and its potential impact on customers or data
- URL, API endpoint, or system component affected
- Step-by-step reproduction instructions
- Supporting evidence: screenshots, screen recordings, HTTP request/response pairs, or proof-of-concept code
- Your name and contact details (optional, but required for public acknowledgement)
✓ Submission channel:
We do not accept vulnerability reports via social media, public bug bounty platforms, or third-party forums. Email security@onlinepharmacy.pk only.
5. What Happens After You Report
- Day 1–3: Confirmation of receipt and initial acknowledgement
- Day 4–10: Triage, severity assessment, and preliminary response
- Ongoing: Regular updates on investigation and remediation progress
- Closure: Notification when the vulnerability has been fully remediated
Resolution timelines vary based on severity and complexity. Critical and high severity vulnerabilities are prioritised for immediate remediation.
6. Safe Harbour
Online Pharmacy will not initiate legal proceedings against, or report to law enforcement, any security researcher who:
- Reports vulnerabilities through this responsible disclosure process in good faith
- Fully adheres to these research guidelines
- Does not access, copy, modify, or destroy customer data or business-critical information
- Does not disrupt our services or harm our customers
We view responsible security research as a genuine contribution to the security and trustworthiness of our platform and the protection of our patients’ data.
7. Legal Framework
This policy operates within the framework of Pakistani law, including the Prevention of Electronic Crimes Act (PECA) 2016. While this policy provides limited authorisation for good-faith security research within the defined scope, unauthorised access to computer systems remains a criminal offence. Security researchers outside the scope of this policy are not protected by the safe harbour provisions above.