Security Policy

Last updated: November 3, 2025

1. Responsible Disclosure Policy

If you discover a security vulnerability, please email [email protected].

2. Bug Bounty Program

ZeroHost does NOT operate a bug bounty program

ZeroHost does not operate a bug bounty program. We appreciate security reports but do not offer monetary compensation.

3. Response Timeline

  • Acknowledgment: Within 48 hours
  • Status updates: As investigation progresses
  • Public credit: Available upon request after resolution

4. Scope and Eligible Vulnerabilities

Out of Scope

  • Missing security headers without demonstrated exploit
  • Social engineering attacks
  • Denial of service (DoS)
  • Physical security issues

Thank You

We appreciate the security research community's efforts in helping keep ZeroHost and our users safe. Your responsible disclosure helps us maintain the trust our users place in our privacy-first platform.