Security and Responsible Disclosure
We take security seriously. If you discover a vulnerability, we appreciate you reporting it responsibly.
Send an email to SECURITY_EMAIL_PLACEHOLDER with: vulnerability description, steps to reproduce, potential impact, and if possible, a proposed solution.
We commit to: confirm receipt within 48 business hours, provide an initial assessment within 5 business days, keep you informed on resolution progress, and acknowledge your collaboration (if desired) once resolved.
Do not access data that is not yours, do not modify or destroy information, do not perform tests that may affect service availability, do not extort or threaten, and give us reasonable time to resolve the issue before making it public.
This responsible disclosure program applies to: zerotrustandorra.com and subdomains, email infrastructure, publicly accessible backend systems.
For sensitive communications, you can use our PGP key: