Responsible Disclosure
Last updated: June 2026
Security is core to what we do. If you believe you have found a vulnerability in ZeroXPay, we want to hear from you.
1. Our commitment
We value the work of security researchers and the wider community in helping keep ZeroXPay and our customers safe. We will investigate every legitimate report and work with you to understand and resolve the issue quickly.
2. How to report
Please submit your report through our official security reporting channel. Include enough information for us to reproduce the issue, such as the affected endpoint, the steps to reproduce it, and any proof-of-concept material.
3. Guidelines
- Give us a reasonable time to investigate and fix the issue before disclosing it publicly.
- Do not access, modify or delete data that does not belong to you.
- Avoid actions that could harm the availability or integrity of our services, such as denial-of-service testing.
- Act in good faith and within the law.
4. What to expect
We will acknowledge your report, keep you informed of our progress, and let you know when the issue has been resolved. We are happy to credit researchers who responsibly disclose valid issues, where appropriate.
5. Scope
This policy covers ZeroXPay's own products and infrastructure. Issues affecting third-party services should be reported to the relevant provider.