Vulnerability Disclosure Policy
Last updated: November 11, 2025
Summary
ZapDigits takes the security and privacy of our customers and systems seriously. If you discover a security vulnerability in our services, thank you — we want to hear about it. Please follow the instructions below so we can assess and remediate issues quickly and safely.
Important: We do not authorize any testing that is not explicitly pre-approved in writing. Unauthorized testing, exploitation, or access to systems, data, accounts, or infrastructure is strictly prohibited and may result in civil or criminal legal action. ZapDigits does not offer bounties or payments for vulnerability reports.
What we welcome
If you find a potential security issue affecting ZapDigits (websites, applications, services, APIs, infrastructure), please report it to us via the contact channel below. Good-faith reports that follow this policy will be reviewed and acknowledged — we appreciate responsible reporting and will consider public acknowledgement (credit) at the reporter's request.
What we do not permit
Do not perform any of the following without explicit written authorization from us:
- Exploiting a vulnerability or accessing data that does not belong to you.
- Denial-of-service or load-testing that impacts service availability.
- Social engineering, phishing, or physical testing of ZapDigits staff or partners.
- Testing on production systems in a way that degrades service for other users.
- Any activity that violates applicable law.
If you perform unauthorized testing, you could be subject to legal action. We will not approve or reward unauthorized tests.
Scope
In-scope:
- *.zapdigits.com and services directly operated by ZapDigits (web apps, APIs, developer endpoints).
- Other assets listed on this page or communicated in writing by ZapDigits as in-scope.
Out-of-scope:
- Third-party services or software hosted by other vendors (including SaaS providers, analytics vendors, payment providers) unless explicitly listed.
- Physical attacks, social engineering of staff, or attacks on other customers.
- Any activity that causes harm to users or disrupts service.
If you're unsure whether a system is in scope, include the target in your report and we'll confirm.
How to report a vulnerability
Email us at: security@zapdigits.com
When reporting, please include:
- A clear description of the issue and the affected system(s) (URLs, endpoints, account IDs).
- Step-by-step reproduction instructions (so we can reliably reproduce the issue).
- Proof-of-concept (PoC) code or screenshots where safe and necessary (do not include exfiltrated customer data).
- The impact and any evidence of access or data exposure.
- Your contact information (email) and whether you want public credit.
Optional but helpful:
- Suggested remediation or mitigation ideas.
- A safe timeframe when we can contact you if additional info is needed.
If you prefer encrypted email, use our PGP public key (see the fingerprint on the report page, or request it via the security@ address).
What to expect from us
- Acknowledgement: We aim to acknowledge receipt within 3 business days.
- Triage: We will triage and classify the report and will update you about status within 14 calendar days where possible.
- Remediation: We will investigate and, if valid, remediate according to severity and operational constraints. For complex fixes we may provide periodic status updates.
- Credit: If you request public acknowledgement and your report meets the criteria (clear, not malicious, not previously known), we may credit you on a public acknowledgements page at our discretion. We will not pay rewards.
Note: these timelines are targets. If you do not hear back within the windows above, please follow up at the same email address.
Legal & privacy considerations
- Do not access, modify, or exfiltrate user or customer data. If you encounter customer data by accident, stop and report immediately.
- By submitting a report you confirm that the report and your methods did not violate any law and were performed in good faith.
- ZapDigits does not grant permission for testing unless explicitly stated in writing. Unauthorized testing may expose you to civil or criminal liability.
Acknowledgements & safe harbor
We appreciate responsible disclosure. While we cannot promise legal immunity, we will consider the manner of testing and whether it complied with this policy when deciding how to proceed. We may recognize researchers with public credit if they request it and the disclosure was responsible.
Contact
For urgent or sensitive reports, indicate "URGENT — SECURITY REPORT" in the subject line.
Changes to this policy
ZapDigits may update this policy from time to time. The "Last updated" date at the top will reflect the latest change.
