• ๐Ÿ” Report Security Issues

    If you discover a security vulnerability on zetsylook.com, we encourage you to notify us immediately. We review all legitimate vulnerability reports and will do our utmost to resolve issues promptly. Before reporting, please carefully review this document, including our fundamentals, bounty program, reward guidelines, and what should not be reported.

    ๐Ÿ“‹ Fundamentals

    If you follow the principles below when reporting a security issue to zetsylook.com, we will not initiate legal action or enforcement against you in response to your report.

    We ask that you:

    1. โณ Give us reasonable time to review and fix the issue you report before publicly disclosing or sharing the information with others.

    2. ๐Ÿšซ Do not interact with any private accounts (including modifying or accessing data) without explicit consent from the account owner.

    3. ๐Ÿค Make a good faith effort to avoid privacy violations and disruptions to others, including but not limited to data destruction or service interruptions.

    4. โŒ Do not exploit the security issue for any reason, including demonstrating additional risk (such as attempting to access sensitive company data or seeking other vulnerabilities).

    5. โš–๏ธ Comply with all applicable laws and regulations.

    ๐Ÿ’ฐ Bounty Program

    We recognize and reward security researchers who help keep our platform safe by reporting vulnerabilities. Monetary rewards are at the sole discretion of zetsylook.com, based on risk, impact, and other factors. To be eligible for a bounty, you must:

    1. Follow our fundamentals listed above.

    2. Report a valid security bug: a vulnerability in our services or infrastructure that poses a security or privacy risk. (Note: We ultimately determine the severity of the issue; not all bugs qualify as security vulnerabilities.)

    3. Submit your report through our official security center. Please do not contact individual employees.

    4. Disclose if you accidentally cause a privacy violation or service disruption (e.g., accessing account data or confidential configurations) while investigating the issue.

    5. Understand that we review and respond to valid reports based on priority and severity, which may take some time.

    6. Accept that we reserve the right to publish vulnerability reports, respecting privacy as appropriate.

    ๐ŸŽ Rewards

    Rewards are based on the impact of the vulnerability. We update the program regularly based on feedback. Please share any suggestions for improvement.

    • Provide detailed, reproducible reports. Issues without enough detail will not qualify for a bounty.

    • In case of duplicates, the first fully reproducible report is awarded.

    • Multiple vulnerabilities stemming from the same root cause are considered one bounty.

    • Bounty amounts are determined by factors such as impact, exploitability, and report quality.

    Maximum payout per severity level:

    Severity Max Reward Examples
    ๐Ÿ”ด Critical ($200) Privilege escalation, remote code execution, financial theft Remote Code Execution, Admin Access, SQL Injection leaking sensitive data
    ๐ŸŸ  High ($100) Platform security risks impacting core processes Lateral auth bypass, Stored XSS, Local file inclusion, Disclosure of sensitive corporate info
    ๐ŸŸก Medium ($50) Affects multiple users, minimal user interaction required Logic flaws, insecure object references
    ๐ŸŸข Low Affects individual users, requires interaction or complex prerequisites (e.g., MITM) Open redirect, Reflective XSS, Low sensitivity info leaks

    ๐Ÿ“ž Customer Contact 24/7

    • Phone: +1234567890

    • Email: [email protected]

    • Address: 425 SE Holly Way, McMinnville, OR 97128, United States