
Zip
Zip is a leading digital financial services company providing fair and seamless solutions that simplify how people pay.
External Program
Submit bugs directly to this organization


To protect businesses and organizations worldwide, it is critical that the broader community of IT and security professionals report potential vulnerabilities as soon as they are recognized. This allows industry experts to take appropriate action to resolve any vulnerability that is discovered. If you are aware of a potential security vulnerability with any Zip product or service, we encourage you to contact us immediately at [email protected]. All reported vulnerabilities are investigated by the Zip Cybersecurity team. Throughout the investigation process, Zip Security makes every effort to work collaboratively with the incident reporter to investigate the vulnerability, gather required technical information, and determine an appropriate action plan.
A security vulnerability is a flaw or weakness in the design, implementation, operation or management of a product or service that could be exploited to compromise the confidentiality, integrity, or availability of data.
The scope covers all software vulnerabilities in services provided by Zip.
*.quadpay.com (All assets on quadpay.com and subdomains, except services provided by third parties)
*.zip.co (All assets on zip.co and subdomains, except services provided by third parties)
*.getpocketbook.com (All assets on getpocketbook.com and subdomains, except services provided by third parties)
*.zipmoney.com.au (All assets on zipmoney.com.au and subdomains, except services provided by third parties)
com.quadpay.android (Android: Play Store QuadPay app)
com.quadpay.ios (iOS: App Store QuadPay app)
All vulnerabilities that require or are related to the following are out of scope:
If you feel that a particular asset or activity not mentioned here should be in scope, please submit a report along with a brief description of why you believe that the asset should be covered by this scope.
We reserve the right not to act on findings with no real risk impact on our data integrity and security. Any actions that violate applicable terms of service, policies or governing law will be considered acting in bad faith. We are not obliged to provide remuneration, fees or rewards for any vulnerability disclosure; any such action remains at our full discretion.
If you have information about a security issue or vulnerability with a Zip product or service, please send an email to [email protected]. Encrypt sensitive information using Zip's PGP public key.
Please provide as much information as possible, including:
Discoverer's contact information:
Vulnerability information:
Communication plans:
A member of the Zip Security Team will review your email and contact you to collaborate on resolving the issue.
We ask that you:
Any personal information disclosed will be treated in accordance with Zip's applicable privacy policies.