Galaxus takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations and all publicly accessible IT systems owned by Digitec Galaxus AG.
If you believe you have found a security vulnerability in any Galaxus-owned repository or service, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them to Galaxus at https://www.galaxus.ch/security.
You should receive a response within 5 (business) days. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
# Description
add details about this vulnerability
# Proof of Concept
screenshots / code
# Steps for Reproduction
add step-by-step guide
# Supporting materials
add screenshots, logs, etc.
This information will help us triage your report more quickly.
All publicly accessible IT systems owned by Digitec Galaxus AG are in scope.
Websites:
*.digitecgalaxus.ch
*.devinite.com
*.digitec.ch
*.galaxus.ch
*.galaxus.de
*.galaxus.at
*.galaxus.be
*.galaxus.fr
*.galaxus.it
*.galaxus.nl
*.galaxus.eu
Apps:
https://apps.apple.com/ch/app/galaxus-dein-onlineshop/id1175349817
https://play.google.com/store/apps/details?id=com.galaxusapp&gl=US
Public Repositories:
https://github.com/DigitecGalaxus
We prefer all communications to be in English or German.
Galaxus follows the principle of Coordinated Vulnerability Disclosure.