Responsible Disclosure

Zen Mesh values the work of security researchers in helping keep our platform safe. If you believe you have found a security vulnerability in Zen Mesh, we want to hear about it.

How to Report

Email security@zen-mesh.io with a description of the issue, steps to reproduce, and any supporting material (screenshots, logs, proof of concept).

What We Ask

• Report the vulnerability privately — do not disclose publicly before we respond.
• Provide sufficient detail for us to reproduce and validate the issue.
• Avoid accessing, modifying, or deleting customer data.
• Make a good-faith effort to avoid causing service disruption.

What We Commit To

• Acknowledge receipt within 5 business days.
• Keep you informed of remediation progress.
• Credit researchers who follow this policy (unless you prefer anonymity).

Scope

This policy covers the Zen Mesh web application at www.zen-mesh.io, the API at api.zen-mesh.io, and the documentation at docs.zen-mesh.io.

Out of scope: third-party services, social engineering, physical access.

Status

This responsible disclosure policy is published as a draft. Formal legal review has not yet been completed. Zen Mesh does not currently operate a bug bounty program.