We, KAWA ELECTRONICS COMPANY LIMITED, hereby declare that our devices fully comply with the applicable safety requirements of Schedule 1 of the Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023, in accordance with our own responsibility.

We are committed to adhering to the regulatory frameworks applicable in each jurisdiction where we offer products or services and continuously monitor potential obligations to ensure high standards of compliance.

We will provide security updates for our products within the support period. These updates typically include the latest security patches, vulnerability fixes, and other security improvements.

Security updates will be maintained for at least 3 years from the date of manufacture. The manufacturing date can be checked using the color box or the machine's SN number. Query rules are as follows: S/N: D54AQ0100
- D5 (Project code)
- 4 (Year, represented by the last digit of the year, e.g., 2024 is represented as '4')
- A (Month, January to September is represented by 1-9, October to December is represented by A, B, C)
- Q (Day, 01-09 is represented by 1-9, 10-A, 11-B, 12-C, 13-D, 14-E, 15-F, 16-G, 17-H, 18-J, 19-K, 20-L, 21-M, 22-N, 23-P, 24-Q, 25-R, 26-S, 27-T, 28-W, 29-X, 30-Y, 31-Z)
- 1000 (Serial number, 0001-9999)

Vulnerability Disclosure Policy:

This Vulnerability Disclosure Policy applies to any vulnerabilities you are considering reporting to us (“KAWA ELECTRONICS COMPANY LIMITED”). We recommend that you read this Vulnerability Disclosure Policy in full before you report a vulnerability and always act in compliance with this policy.

If you identify a security vulnerability, please submit a report using the following email:
Email: support@kawa-in.com

Website: www.kawa-in.com

Link to fill out suggestion form: https://www.kawa-in.com/pages/form-submit

After you submit a report, we will acknowledge receipt of your report within 5 business days and aim to provide a status update within 10 business days. We will conduct preliminary analysis and validation of the report to determine the effectiveness, severity, and impact of the vulnerabilities. If you need more information about reporting vulnerabilities, we may contact you.

Once vulnerabilities are identified, we will develop and implement remediation plans to provide solutions for all affected customers.

Repairs usually take up to 90 days, and in some cases may take even longer. 

When the reported vulnerability is fixed, we will promptly notify you and may invite you to confirm whether the solution adequately addresses the vulnerability.