Responsible Disclosure
We appreciate the work of security researchers who help keep the internet safer. If you believe you have found a security issue in zSigma
systems, please report it responsibly.
Contact
Please report security issues using the contact form available on this website.
In the message subject or first line, write: Security disclosure.
You can also find our official security contact details in our
security.txt file.
Scope
www.zsigma.ai and zsigma.ai
- Public endpoints served by our site, including
/api/contact
Out of scope
- Denial of Service (DoS / DDoS), load testing, or disruptive scanning
- Social engineering, phishing, or physical attacks
- Credential stuffing or brute forcing accounts
- Issues in third-party services we do not control
Guidelines
- Provide a clear description of the issue and its impact
- Include steps to reproduce (PoC minimal, non-destructive)
- Avoid accessing or exfiltrating data beyond what is required to demonstrate the issue
- Do not publicly disclose without giving us reasonable time to address the issue
Response targets
- Acknowledgement: within 48 hours
- Status update: within 7 days
Safe harbor
If you act in good faith, follow this policy, and avoid privacy violations and disruption, we will not pursue legal action against you for your research.