Vulnerability Disclosure Policy

If you believe you have discovered a security vulnerability in any Zeeh Africa system, service, or product, please report it to us as soon as possible.

Contact Email: security@zeeh.africa

Please include the following details in your report:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Any proof-of-concept code, screenshots, or supporting materials
• The potential impact of the vulnerability

When you report a vulnerability to us, we commit to:

• Acknowledge receipt of your report within a reasonable timeframe
• Investigate and validate the issue promptly
• Keep you informed of progress where appropriate
• Work to remediate confirmed vulnerabilities in a timely manner

This policy applies to all publicly accessible Zeeh Africa systems, domains, and services unless explicitly stated otherwise.

We ask that you:

• Act in good faith and avoid privacy violations, data destruction, or service disruption
• Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
• Do not access, modify, or delete data that does not belong to you
• Give us a reasonable amount of time to resolve the issue before public disclosure

The following are generally considered out of scope:

• Vulnerabilities in third-party services not under Zeeh Africa's control
• Social engineering attacks
• Physical attacks against facilities or personnel
• Denial of Service (DoS/DDoS) attacks

Zeeh Africa will not pursue legal action against researchers who:

• Comply with this policy
• Act in good faith
• Avoid causing harm to users, systems, or data

While we do not currently offer a bug bounty program, we appreciate the contributions of security researchers and may acknowledge valid reports at our discretion.