PSTI Statement of Compliance

MH Star Vulnerability Disclosure Policy

At MH Star, protecting our customers from security threats is a top priority. As we grow our presence in the smart home appliances market, we are committed to providing secure, reliable products and ensuring the privacy of our users' data.

We have established this policy to ensure that any potential security vulnerabilities are reported and resolved efficiently.

How to Report a Vulnerability

If you believe you have found a security vulnerability in an MH Star product or service, please contact our security team at: compliance@mhstar.co.uk

When reporting, please provide as much detail as possible to help us reproduce the issue.

To help us investigate, please include:

• A description of the issue.
• The product model and software version (if applicable).
• Steps to reproduce the vulnerability.

Our Handling Process

Once a report is received, our security team will:

• Acknowledge receipt of your report within five business days.  
• Investigate the issue to determine its impact
• Provide updates to the reporter at reasonable intervals until the issue is resolved.
• Aim to resolve confirmed vulnerabilities within 90 days, although complex issues may require more time.

Guidelines for Reporters

We ask that all individuals reporting vulnerabilities:

• Comply with UK law and do not attempt to access, modify, or delete user data.
• Report the issue to us privately and allow us a reasonable amount of time to fix it before sharing any information publicly.
• Note that MH Star does not offer financial rewards or "bug bounties" for reports.

Security Updates

If a fix is required, we will deploy software or firmware updates directly to affected products or provide instructions on our website to ensure our customers remain protected.

Statement of Compliance

To view our formal Statement of Compliance regarding the Product Security and Telecommunications Infrastructure (PSTI) Act, please click here.