Security Disclosure Policy

Last updated: October 21, 2025

Our Commitment to Security

At Fzenta, we take the security of our systems and services seriously. We appreciate the efforts of security researchers and ethical hackers who help us maintain the security of our platform.

This policy outlines our guidelines for responsible disclosure of security vulnerabilities and our commitment to working with the security community.

Scope

This policy applies to vulnerabilities found in:

  • fzenta.com and all subdomains
  • Our web applications and APIs
  • Our mobile applications
  • Our cloud infrastructure

Guidelines for Researchers

Do:

  • Report vulnerabilities as soon as possible
  • Provide detailed information to help us reproduce the issue
  • Keep vulnerability information confidential until we resolve it
  • Make a good faith effort to avoid privacy violations and service disruptions
  • Only test against accounts you own or have explicit permission to test

Don't:

  • Access or modify data that doesn't belong to you
  • Perform actions that could harm our users or business
  • Execute denial of service attacks
  • Send unsolicited emails or spam
  • Publicly disclose vulnerabilities before we've had time to fix them
  • Demand payment or compensation for vulnerability reports

How to Report

If you discover a security vulnerability, please report it to us via email:

Security Team Email:

security@fzenta.com

Please include:

  • Vulnerability type: (e.g., XSS, SQL injection, authentication bypass)
  • Affected URL(s) or endpoint(s)
  • Steps to reproduce: Detailed steps to help us understand and verify the issue
  • Proof of concept: Screenshots, videos, or code samples
  • Impact assessment: Your analysis of the potential impact
  • Your contact information: For follow-up questions

PGP Encryption (Optional)

For sensitive reports, you may encrypt your email using our PGP key available on request.

Our Response Process

1. Acknowledgment

We will acknowledge receipt of your report within 48 hours.

2. Initial Assessment

Our security team will assess the severity and validity within 5 business days.

3. Resolution

We will work to resolve the issue based on its severity (Critical: 7 days, High: 30 days, Medium: 60 days, Low: 90 days).

4. Public Disclosure

After remediation, we will coordinate with you on public disclosure timing.

Severity Classification

Critical: Remote code execution, authentication bypass, data breach

High: Privilege escalation, SQL injection, XSS with significant impact

Medium: CSRF, information disclosure, business logic flaws

Low: Minor configuration issues, low-impact vulnerabilities

Recognition

We value the contributions of security researchers. With your permission, we will:

  • Acknowledge your contribution in our security hall of fame
  • Publicly thank you after the vulnerability is resolved
  • Provide a reference letter upon request

While we don't offer monetary rewards at this time, we deeply appreciate your efforts in helping us maintain a secure platform.

Out of Scope

The following are outside the scope of this program:

  • Social engineering attacks
  • Physical security issues
  • Denial of Service (DoS/DDoS) attacks
  • Spam or phishing attacks
  • Issues in third-party services we don't control
  • Reports from automated tools without validation
  • Best practice recommendations without demonstrable security impact

Legal Safe Harbor

We will not pursue legal action against researchers who:

  • Follow this responsible disclosure policy
  • Act in good faith
  • Don't violate privacy or harm our users
  • Don't disrupt our services

We consider security research conducted under this policy to be authorized and lawful activity.

Questions?

If you have questions about this policy, please contact us:

Security Team: security@fzenta.com

General Inquiries: contact@fzenta.com