Security Policy

AetherZero takes the security of our platform seriously. We welcome responsible disclosure from security researchers and the broader community.

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately to:

security@aetherzero.io

Please include: a clear description of the issue, steps to reproduce, potential impact, and any supporting evidence. We will acknowledge receipt within 48 hours and aim to resolve confirmed issues within 30 days.

Scope

• In scope: aetherzero.io, dashboard.aetherzero.io, api.aetherzero.io, and any other service under the aetherzero.io domain
• Out of scope: Third-party services, social engineering, physical attacks, denial-of-service attacks, and automated scanning without prior coordination

Safe Harbor

We will not pursue legal action against researchers who discover and report vulnerabilities in good faith, provided they comply with this policy and do not: access, modify, or delete user data; disrupt service availability; or publicly disclose the issue before it is resolved.

What We Ask

• Do not access data that does not belong to you
• Do not perform automated scanning beyond what is necessary to identify the issue
• Give us reasonable time to respond before any public disclosure
• Do not exploit the vulnerability beyond demonstrating its existence

Security Architecture

AetherZero is built on a Zero Trust architecture with defence-in-depth controls including passkey-enforced authentication, TLS 1.3 in transit, and principle-of-least-privilege access throughout the platform. All administrative actions are captured in an immutable audit trail.