Back to home

Security

Zero Calendar is committed to ensuring the security of our users' data. This page outlines our security practices and provides information on how to report security vulnerabilities.

Data Encryption

All data is encrypted in transit using TLS 1.3. Sensitive data at rest is encrypted using industry-standard AES-256 encryption.

Infrastructure

Our infrastructure is hosted on secure cloud providers with SOC 2 compliance. We implement network security controls, including firewalls and intrusion detection systems.

Open Source

As an open-source project, our code is publicly available for review. This transparency allows the community to identify and address security issues quickly.

Bug Bounty

We maintain a bug bounty program to encourage responsible disclosure of security vulnerabilities. See below for details on how to report issues.

Our Security Practices

  • Authentication: We implement secure authentication mechanisms, including support for multi-factor authentication and secure password storage using bcrypt hashing.
  • Regular Audits: We conduct regular security audits and code reviews to identify and address potential vulnerabilities.
  • Dependency Management: We regularly update our dependencies to ensure we're protected against known vulnerabilities.
  • Access Controls: We implement strict access controls to ensure that only authorized personnel have access to sensitive systems and data.
  • Monitoring: We maintain comprehensive logging and monitoring systems to detect and respond to suspicious activities.

Reporting Security Issues

We take security issues seriously. If you believe you've found a security vulnerability in Zero Calendar, please report it to us immediately.

Send details to lucknitelol@proton.me. We ask that you do not publicly disclose the issue until we've had a chance to address it.

Self-Hosting Security

If you're self-hosting Zero Calendar, we recommend following these security best practices:

  • Keep your server and all dependencies up to date
  • Use HTTPS with a valid SSL certificate
  • Implement proper firewall rules
  • Use strong, unique passwords for all accounts
  • Regularly back up your data
  • Monitor your server for suspicious activities
  • Follow the principle of least privilege for all user accounts

Security Updates

We regularly release security updates to address vulnerabilities. You can stay informed about these updates by:

  • Following our GitHub repository
  • Subscribing to our security mailing list
  • Checking our blog for security announcements

Have questions about our security practices?

Contact Our Security Team