Security
We take security seriously. Here's what we do to protect your account and data.
Found a security issue? Please report it to steve@zerocore.ai. We appreciate responsible disclosure.
Account Security
What We Do
- Passwords are hashed using bcrypt before storage
- All connections use HTTPS/TLS encryption
- Sessions are managed with secure, HTTP-only cookies
What You Can Do
- Use a strong, unique password for your account
- Don't share your credentials or API tokens
- Revoke API tokens you no longer use
API Tokens
- Tokens are generated using cryptographically secure random functions
- Tokens are hashed before storage - we cannot recover lost tokens
- You can create multiple tokens with different permission scopes
- Tokens can be revoked at any time from your dashboard
Tool Integrity
- All uploaded tools include checksums for verification
- Published versions are immutable - they cannot be modified after publishing
- Each tool is tied to a verified publisher account
Reporting Security Issues
If you discover a security vulnerability, please let us know:
How to Report
- Email steve@zerocore.ai
- Include steps to reproduce the issue
- Give us reasonable time to fix it before public disclosure
Our Commitment
- We'll acknowledge your report promptly
- We'll keep you updated on our progress
- We won't take legal action against good-faith reporters
Questions?
For security concerns or questions, email us at steve@zerocore.ai.
