Skip to main content

Security Policy

Vulnerability Disclosure Policy

Last updated: July 14, 2026

Reporting Security Vulnerabilities

I take the security of zalt.me seriously. If you discover a security vulnerability, I appreciate your help in disclosing it to me in a responsible manner. Your efforts help keep this website and its users safe.

Secure by Design: Everything Runs in Your Browser

The tools and utilities on this site are not connected to a backend. They run entirely on your own device, so the usual ways data gets leaked simply do not apply here.

  • Your device is the host: your browser and operating system do the work. Any models or libraries a tool needs are downloaded to your machine and run locally.
  • Nothing is transmitted: the text and files you enter never leave your browser, so there is no server-side copy to intercept, leak, or breach.
  • Nothing is stored: no accounts, no uploads, and no logging of tool content on my side.

To keep the site fast and reliable I do collect a minimal amount of anonymous, aggregated analytics, which pages get visited and where errors happen, so I can understand behavior, optimize the experience, and fix problems quickly. That is limited to navigation behavior and never includes anything you type or input into a tool or field, including any email or personal details a tool may ask for. Even if you paste sensitive information into a tool, there is zero risk, because it never leaves your device.

You are effectively running offline. You can even switch off your Wi-Fi: once a tool has loaded and downloaded any model it needs, it keeps working normally on your device.

How to Report

Please report security vulnerabilities by emailing:

[email protected]

Please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact of the vulnerability
  • Any suggested fixes or mitigations (if available)

What to Expect

  • I will acknowledge receipt of your report within 48 hours
  • I will provide an initial assessment within 7 days
  • I will keep you informed of the progress toward resolving the issue
  • I will notify you when the vulnerability has been resolved

Responsible Disclosure

I ask that you please:

  • Give me reasonable time to fix the issue before public disclosure
  • Act in good faith and avoid accessing or modifying data that does not belong to you
  • Not perform any actions that could harm the site or its users
  • Not disclose the vulnerability publicly until it has been resolved

Recognition

With your permission, I would like to recognize your contribution on my Security Acknowledgments page.

Bug Bounty Program

I do not operate a bug bounty program and do not offer monetary rewards for vulnerability reports. I appreciate responsible disclosure and will only acknowledge valid security findings.

Out of Scope

The following are generally considered out of scope:

  • Social engineering attacks
  • Physical security issues
  • Denial of service attacks
  • Issues requiring physical access to a device
  • Spam or content issues

Related Policies

For information about how I collect, use, and protect your personal data, please see my Privacy Policy.