RedmineShop
Join waitlist

Security Policy

We take security seriously for redmineshop.com, our payment partners, and the plugins we ship to your self-hosted Redmine.

Reporting vulnerabilities

If you discover a security issue in our website or plugins, please report it responsibly to security@redmineshop.com. Do not disclose publicly until we have had a reasonable time to respond.

What to include

  • Description and steps to reproduce
  • Affected product (website, plugin name, version)
  • Your Redmine/Ruby environment if relevant

Our commitment

We aim to acknowledge reports within 3 business days and provide status updates as we investigate. We do not pursue legal action against good-faith security research.

Data handling

Payment data is processed by our payment provider; we do not store full card numbers on our servers. See our Privacy Policy for details.