Logo

Vulnerability Disclosure Policy

01-01-2026 | Version V1.0

Purpose

ZeaCloud is committed to maintaining the security and reliability of its cloud infrastructure and services. We recognize that security researchers, customers, and the broader community play an important role in identifying potential vulnerabilities.

This Vulnerability Disclosure Policy outlines how individuals can responsibly report security issues so they can be investigated and addressed appropriately.

Scope

This policy applies to potential security vulnerabilities affecting:

  • ZeaCloud public websites and web applications
  • ZeaCloud customer portals and management interfaces
  • ZeaCloud hosted services that are publicly accessible
  • ZeaCloud APIs and service endpoints

This policy does not apply to vulnerabilities affecting third-party services or software that are outside ZeaCloud’s operational control, although such reports may be forwarded to the relevant vendor when appropriate.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability related to ZeaCloud services, please report it by sending an email to:

soc@zeacloud.com

Please include the following information where possible:

  • Description of the vulnerability
  • Steps required to reproduce the issue
  • Affected URL, IP address, or service
  • Screenshots, logs, or proof-of-concept if available
  • Your contact information for follow-up

Providing clear reproduction steps helps our team investigate and resolve issues faster.

Responsible Disclosure Guidelines

When testing or reporting vulnerabilities, please follow these guidelines:

  • Do not access, modify, or delete data belonging to other users.
  • Do not intentionally disrupt or degrade ZeaCloud services.
  • Do not attempt social engineering, phishing, or physical intrusion.
  • Do not exploit vulnerabilities beyond what is necessary to demonstrate their existence.
  • Do not publicly disclose the vulnerability until ZeaCloud has had reasonable time to investigate and remediate it.

If a vulnerability allows access to sensitive information, please stop testing immediately and report the issue.

Our Commitment

When a vulnerability report is submitted responsibly and in good faith, ZeaCloud commits to:

  • Acknowledge receipt of the report within a reasonable timeframe
  • Investigate the issue with our security and engineering teams
  • Take appropriate remediation actions where required
  • Keep the reporter informed of the investigation progress when possible

We value responsible disclosure and appreciate the efforts of individuals who help improve the security of our platform.

Safe Harbor

ZeaCloud will not pursue legal action against individuals who:

  • Discover and report vulnerabilities in good faith
  • Follow the responsible disclosure guidelines described in this policy
  • Avoid privacy violations, service disruption, or data destruction during testing

Activities conducted in accordance with this policy will be considered authorized.

Recognition

While ZeaCloud does not currently operate a public bug bounty program, we appreciate responsible security research and may acknowledge contributions from individuals who report valid vulnerabilities that help improve our security posture.

Updates

ZeaCloud may update this policy periodically to reflect changes in services or security practices. The latest version will always be available on this page.

Contact

For vulnerability reports or security concerns:

Email: soc@zeacloud.com