Security Policy
Vulnerability Disclosure Policy
Last updated: July 14, 2026
Reporting Security Vulnerabilities
I take the security of zalt.me seriously. If you discover a security vulnerability, I appreciate your help in disclosing it to me in a responsible manner. Your efforts help keep this website and its users safe.
Secure by Design: Everything Runs in Your Browser
The tools and utilities on this site are not connected to a backend. They run entirely on your own device, so the usual ways data gets leaked simply do not apply here.
- Your device is the host: your browser and operating system do the work. Any models or libraries a tool needs are downloaded to your machine and run locally.
- Nothing is transmitted: the text and files you enter never leave your browser, so there is no server-side copy to intercept, leak, or breach.
- Nothing is stored: no accounts, no uploads, and no logging of tool content on my side.
To keep the site fast and reliable I do collect a minimal amount of anonymous, aggregated analytics, which pages get visited and where errors happen, so I can understand behavior, optimize the experience, and fix problems quickly. That is limited to navigation behavior and never includes anything you type or input into a tool or field, including any email or personal details a tool may ask for. Even if you paste sensitive information into a tool, there is zero risk, because it never leaves your device.
You are effectively running offline. You can even switch off your Wi-Fi: once a tool has loaded and downloaded any model it needs, it keeps working normally on your device.
How to Report
Please report security vulnerabilities by emailing:
Please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any suggested fixes or mitigations (if available)
What to Expect
- I will acknowledge receipt of your report within 48 hours
- I will provide an initial assessment within 7 days
- I will keep you informed of the progress toward resolving the issue
- I will notify you when the vulnerability has been resolved
Responsible Disclosure
I ask that you please:
- Give me reasonable time to fix the issue before public disclosure
- Act in good faith and avoid accessing or modifying data that does not belong to you
- Not perform any actions that could harm the site or its users
- Not disclose the vulnerability publicly until it has been resolved
Recognition
With your permission, I would like to recognize your contribution on my Security Acknowledgments page.
Bug Bounty Program
I do not operate a bug bounty program and do not offer monetary rewards for vulnerability reports. I appreciate responsible disclosure and will only acknowledge valid security findings.
Out of Scope
The following are generally considered out of scope:
- Social engineering attacks
- Physical security issues
- Denial of service attacks
- Issues requiring physical access to a device
- Spam or content issues
Related Policies
For information about how I collect, use, and protect your personal data, please see my Privacy Policy.