I welcome contact from security researchers.
Security vulnerabilities can be found anywhere, and I'd much rather know about them than find out when my data ends up in a data dump somewhere. To that end, if you find a vulnerability on my site I encourage you to report it responsibly to me. In return I won't take legal action against you, so long as you've followed the guidance above.
That's a big discussion point in itself, but in this instance I mean reporting the issue to me, and only me. I'll then look to verify and resolve the issue before you disclose it more widely. You should avoid making any changes to the site (beyond a proof of concept, which must not be malicious).
More information on responsible disclosure on Wikipedia.
Only vulnerabilities found on jonco-it.co.uk, and its subdomains, are in scope.
Please do not contact me begging for a financial reward based on your findings. As a small outfit, I do not have the capacity at this time to offer a bounty programme.
At the time of writing no vulnerabilities have been reported to me. Appropriate acknowledgement will be given here in the event that changes.