• Charging solutions
    • Home charging
      • Zaptec Go
      • Zaptec Go 2
    • Commercial & shared charging
      • Zaptec Pro
    • Load balancing
    • Zaptec App
    • Zaptec Portal
    • Accessories
  • For partners & installers
    • Documents & manuals
    • Partner webshop
    • Partner marketing material
    • Existing partners & installers
    • Training courses
    • Become a partner
  • Info Hub
    • Tips and tricks
    • Case studies
    • Industry news
    • Inside Zaptec
  • Need help?
    • Documents & manuals
    • Help Centre
    • Contact us
  • Company
    • About us
    • Our journey
    • Quality and safety
    • Sustainability commitments
    • Investor relations
    • Careers
  • Find an installer
  • Become a partner
Get ZaptecGet Zaptec

Explore our solutions

Get ZaptecGet Zaptec
Charging SolutionsPartners & installersSupportDocuments & manualsCompanyInfo HubZaptec portalInvestor RelationsPressTerms and conditionsPrivacy PolicySecurityCookie Policy
FacebookBlueskyInstagramLinkedInTikTokYouTube

Vulnerability Reporting

We take product security seriously and welcome reports from customers, partners, and researchers. This page explains how to report a vulnerability to us and what you can expect in return.

How to Report a Vulnerability

If you believe you have discovered a security vulnerability in a Zaptec product or service, please contact us at security@zaptec.com.
To help us respond quickly and effectively, please include as much detail as possible in your report. We recommend reviewing these guides for tips on writing high-quality reports:

  • How to Write a Quality Report (HackerOne)
  • How to Write Good Vulnerability Reports (Hacker101)

Please do not publicly disclose the vulnerability before we have had a chance to investigate and respond.

What to Include in Your Report

  • A clear description of the vulnerability and its impact
  • Steps to reproduce the issue (including code, screenshots, or videos if helpful)
  • Any relevant product, firmware, or software version numbers
  • Your contact information (if you wish to be acknowledged)

In scope:

All products we place on the market (devices, firmware/software, and any integrated remote data-processing services tied to product functions)

Out of scope:

Corporate IT systems and third-party services not integral to product functions (but you may still notify us if you find something concerning)

What You Can Expect

 

  • Acknowledgment: We will confirm receipt of your report within a reasonable timeframe.
  • Investigation: Our security team will investigate the issue and may contact you for further information.
  • Resolution: We will work to resolve valid vulnerabilities as quickly as possible and keep you informed of our progress.
  • Recognition: With your permission, we may acknowledge your contribution on our website or in release notes.

Safe Harbor

If you comply with these rules and applicable laws, we won’t pursue legal action or ask law enforcement to investigate your research.

Reporting timeline

Zaptec shall provide a written report no later than 14 business days after the occurrence of the event or upon receipt of the request for information.
The report shall include relevant findings, corrective actions taken, and any follow-up measures planned.

Legal reporting obligations

Zaptec shall fulfill all reporting obligations to relevant authorities in accordance with applicable laws and regulations.
This includes, but is not limited to, the timely submission of reports required by national or EU legislation related to data protection, product safety, or cybersecurity.
Zaptec shall inform the Customer without undue delay of any such reporting when it concerns systems or data related to the Customer.

Communication of patches and updates

Critical security patches will be communicated immediately upon release, while routine updates will be summarized in regular maintenance notifications.