Responsible Disclosure Policy

If you are a security researcher and have discovered a security vulnerability in the Service, we appreciate your help disclosing it to us in a responsible manner. We will not take legal action or suspend use of the service for those disclosing a vulnerability in accordance with this Responsible Disclosure Policy.


You may only test against an account you own or have been given permission to test by the account owner. You are prohibited from:

  • accessing, downloading or modifying data from an account that you do not own or have explicit permission to test from the account owner
  • executing or attempting to execute a denial of service attack
  • transmitting or uploading malicious software
  • sending unsolicited or unauthorized junk mail or spam messages or other types of unsolicited or unauthorized messages
  • testing in a manner that would degrade the operation of the service
  • testing third party applications that integrate with the service


To report a vulnerability, please email with the following

  • information on the vulnerability and steps to reproduce
  • your email address
  • your name and website or twitter handle if you would like your name displayed on this page

Please do not publicly disclose these details until receiving written consent from Zuum

Compensation Requests

Requests for monetary compensation for any identified or alleged vulnerabilities will be deemed non-compliant with this Responsible Disclosure policy.

Our Commitment

If you identify a vulnerability in accordance with this policy, we commit to:

  • Promptly acknowledge receipt of your report
  • Provide a timetable for a fix
  • Notify you when the fix has been completed
  • Publicly acknowledge you for your contribution


Zuum thanks the following individuals and organizations that have identified vulnerabilities in accordance with this policy:

Shivam Kumar Agarwal (