Security

Security of Zomentum customers' data is our primary concern. All information you store in Zomentum remains yours. We are committed to ensuring that your data is not accessed, shared to, or viewed by anyone without permission.

Data access and authorization
Access to customer data is limited to authorized employees who require it for executing their job, and every data access record is documented and stored in our logs.

Data backup
Zomentum's production data is regularly backed up to a separate, isolated location, and all backups are encrypted.

Authentication
Zomentum outsources authentication to a reputed 3rd party provider Auth0, to ensure that sensitive data such as passwords never reach zomentum servers. This is in line with our deep commitment to ensuring privacy and security for our customers' data.

In case you have found a lapse in our security measures, we humbly implore you to share it with us while guaranteeing our earnest efforts to remedy it at the earliest. Though at the moment we do NOT offer bug bounties, we do guarantee plenty of good karma and Zomentum freebies :)

Responsible Vulnerability Disclosure
We care deeply about keeping our customers' data safe and secure. Your input and feedback on our security are always appreciated.

Reporting an issue
If you discovered a security-related problem that isn't a common non-vulnerability. Kindly send a report to security@zomentum.com with relevant details as demonstrated in the following examples:
Please send a report to with more information like:
- A problem summary
- A PoC or a breakdown of how the issue can be replicated
- The operating system name and version as well as the web browsers name and text that you used to reproduce the issue

Here's how the process will go from there on:
- We will acknowledge your report.
- We will investigate the issue and may have clarifying questions.
- Once we deem the issue resolved, we will post an update with a warm acknowledgment and a heartful of thanks to your contribution.
- As disheartening it is at the moment that we are unable to offer bug bounties, we'd attribute to your universal credit and let the cosmos repay you in full.

What we're on a lookout for
We are interested in any vulnerabilities related to the application (https://dashboard.zomentum.com) such as:
Authentication issuesCircumvention of our Platform/Privacy permissions modelCross-site scripting (XSS)Cross-site request forgery (CSRF/XSRF). This excludes logout CSRF.Server-side code execution

Our Ask
We want to ask you to search for and report vulnerabilities responsibly, with the following principles in mind:
Don't try to access or manipulate other customers data; only test on your account
Do not exfiltrate data from our infrastructure (including source code, data backups, configuration files).
If you obtain remote access to our system, report your finding immediately. Do not attempt to pivot to other servers or elevate access.
Please avoid techniques that might degrade the service for others (DoS, spamming, etc.)
Please keep the vulnerabilities secret until you've notified us, and we've had adequate time to remedy the issues