Responsible Disclosure

We appreciate the work of security researchers who help keep the internet safer. If you believe you have found a security issue in zSigma systems, please report it responsibly.

Contact

Please report security issues using the contact form available on this website. In the message subject or first line, write: Security disclosure.

You can also find our official security contact details in our security.txt file.

Scope

• www.zsigma.ai and zsigma.ai
• Public endpoints served by our site, including /api/contact

Out of scope

• Denial of Service (DoS / DDoS), load testing, or disruptive scanning
• Social engineering, phishing, or physical attacks
• Credential stuffing or brute forcing accounts
• Issues in third-party services we do not control

Guidelines

• Provide a clear description of the issue and its impact
• Include steps to reproduce (PoC minimal, non-destructive)
• Avoid accessing or exfiltrating data beyond what is required to demonstrate the issue
• Do not publicly disclose without giving us reasonable time to address the issue

Response targets

• Acknowledgement: within 48 hours
• Status update: within 7 days

Safe harbor

If you act in good faith, follow this policy, and avoid privacy violations and disruption, we will not pursue legal action against you for your research.