Responsible Disclosure

We value the security community and encourage good-faith vulnerability research on our platform.

1. Scope

This responsible disclosure policy explicitly covers vulnerabilities found on zolvaritech.com and its associated APIs and underlying OS infrastructure.

2. How to Report

If you believe you have found a security vulnerability, please email us directly at security@zolvaritech.com. Include a detailed description of the vulnerability, the steps required to reproduce it, and any proof-of-concept scripts or materials.

3. Response Commitment

We commit to the following timelines when responding to responsible disclosure reports:

• Acknowledgment: We will acknowledge receipt of your report within 48 hours.
• Status Update: We will provide a triage status update within 7 days.
• Fix Timeline: We will establish a remediation timeline based on the severity and complexity of the vulnerability.

4. Safe Harbor

If you conduct your research and report vulnerabilities in good faith and in full compliance with this policy, we will not initiate legal action or law enforcement investigations against you related to your research.

5. Out of Scope

The following activities and vulnerability classes are strictly out of scope and do not qualify for safe harbor:

• Social engineering (e.g., phishing, vishing) against our employees or users.
• Denial of Service (DoS/DDoS) attacks or any actions that degrade platform performance.
• Vulnerabilities physically hosted or controlled by third-party service providers.
• Physical attacks against our facilities or hardware.

6. Recognition

We deeply appreciate the efforts of security researchers. By default, reports are confidential, but we are happy to provide public credit in our security advisories or release notes if you desire recognition for your contribution.