At HobbyKita, security is something we take seriously. We protect our customers’ data, payments, and accounts with industry-standard tools — but no system is bulletproof. If you’ve spotted a vulnerability, suspicious activity, or anything that looks like a security risk on hobbykita.com, we want to hear about it.

What to Report

We welcome reports about anything that could affect the security of our website, customer data, or payment systems. Some examples:

  • Website vulnerabilities — bugs, exploits, or weaknesses in our code
  • Account issues — suspicious logins, unauthorized access, or hijacked accounts
  • Payment fraud — unauthorized charges or suspicious billing activity
  • Phishing attempts — fake emails or websites pretending to be HobbyKita
  • Data exposure — leaked customer info, passwords, or private data
  • Malware or scams — suspicious links, downloads, or fraudulent ads claiming to be from us
  • Social engineering — anyone impersonating HobbyKita staff or customers

How to Report

Email us directly at: CONTACT@hobbykita.com. When you reach out, please include:

  • A clear description of the issue
  • Where you found it (URL, page, account section, etc.)
  • Steps to reproduce it (if it’s a website vulnerability)
  • Screenshots or screen recordings if you have them
  • The date and time you discovered it
  • Your contact info so we can follow up

What NOT to Do

  • Publicly disclose the issue before we’ve had a chance to fix it
  • Share the vulnerability with third parties or post it on forums
  • Attempt to exploit the issue beyond what’s needed to confirm it
  • Access, modify, or download other users’ data
  • Run automated scans, brute-force attacks, or denial-of-service tests on our site
  • Use the issue for personal gain, fraud, or extortion

What Happens After You Report

  • Acknowledgment. We’ll confirm we got your message within 2 business days.
  • Investigation. Our team reviews the report and verifies the issue. This usually takes 3–7 business days.
  • Resolution. Once confirmed, we work to fix the vulnerability as quickly as possible.
  • Follow-up. We’ll let you know when the issue is resolved.

If Your Account Has Been Compromised

  • Change your password immediately — both on HobbyKita and on any other site where you reuse the password
  • Email us at CONTACT@hobbykita.com with the subject line ‘ACCOUNT COMPROMISED’
  • Include your order history details so we can verify your identity
  • Check your bank statements for any unauthorized charges

Phishing & Fake HobbyKita Communications

HobbyKita will NEVER:

  • Ask for your password by email, phone, or text
  • Request your full credit card number outside our secure checkout
  • Send links asking you to ‘verify’ or ‘confirm’ your account on a third-party site
  • Demand payment in gift cards, cryptocurrency, or wire transfers
  • Threaten to close your account unless you act immediately

Our Commitment to Security

  • SSL encryption on every page of hobbykita.com
  • PCI-compliant payment processing through trusted providers like Stripe and PayPal
  • Encrypted password storage — we never store passwords in plain text
  • Regular security audits to identify and patch potential issues
  • Restricted internal access to customer data on a need-to-know basis

Legal Safe Harbor

If you report a security issue in good faith, follow this policy, and don’t damage our systems or customers’ data, we won’t pursue legal action against you. We treat responsible reporters as partners, not adversaries.

Contact Us

To report a security issue or ask questions about our security practices:


Phone: +1 (515) 301-0812
Email: contact@hobbykita.com
HobbyKita : 1442 E Fleming Ave, Des Moines, IA 50313, United States
Hours: Mon–Fri 9 AM–9 PM | Sat 10 AM–10 PM | Sun Closed