Security

How we protect your data — and how to report a vulnerability.

Last updated: July 2026

Security is foundational to how we build ZeroFi. This page summarizes the practices we use to protect your data and how security researchers can report issues to us. It is a description of our program, not a contractual guarantee.

Data protection

Authentication & access

Application safeguards

Infrastructure

We build on reputable cloud providers, including Supabase (managed Postgres, authentication, and storage), Vercel (application hosting and CDN), and vetted third parties for email, payments, and AI processing. These providers maintain their own security certifications and controls.

Payments

Card payments are handled by PCI-compliant payment processors (e.g., Stripe). We do not store full card numbers on our systems.

Monitoring & response

We log security-relevant events and monitor for anomalies. In the event of a security incident that affects your data, we will investigate, take corrective action, and notify affected users as required by applicable law.

Responsible disclosure

We welcome reports from the security community. If you believe you've found a vulnerability, please email security@zerofi.ai with details and steps to reproduce. We ask that you:

Acting in good faith under these guidelines, we will not pursue legal action for your research. We appreciate and acknowledge researchers who help keep ZeroFi safe.

Your role

Use a strong, unique password, keep your credentials private, and contact us immediately at security@zerofi.ai if you suspect unauthorized access to your account.

Contact

Security questions or reports: security@zerofi.ai. ZeroFi is a product of Nirvana Consulting Company (ainirvana.ai).