Security Policy

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please report it to us privately.

How to Report:

– Email: security@zixio.de

– PGP Key: https://zixio.de/pgp-public.key

What to Include:

– Description of the vulnerability

– Steps to reproduce

– Potential impact

– Any proof-of-concept code (if applicable)

Our Commitment

– We’ll acknowledge your report within 48 hours

Safe Harbor

We consider security research conducted under this policy to be:

– Authorized

– Conducted in good faith

– Lawful and compliant with applicable laws

We will not pursue legal action against researchers who:

– Follow this policy

– Act in good faith

– Avoid privacy violations, data destruction, and service interruption

Scope

In Scope:

– zixio.de and its subdomains

Out of Scope:

– Social engineering attacks

– Physical security attacks

– Denial of service attacks

– Spam or email attacks

Thank You

We appreciate the security research community’s efforts to keep our users safe.