Responsible disclosure policy

At Zuza, we trust security researchers to help us protect our community's most intimate data.

Guidelines
If you intend to use this component with Finsweet's Table of Contents attributes follow these steps:
  1. Do not perform denial-of-service attacks or any form of network disruption.
  2. Je kunt je cookievoorkeuren op elk moment aanpassen via je browserinstellingen of ons cookie-banner.
  3. Do not use social engineering, phishing, or manipulation tactics against our team or users.
  4. Do not access, download, or share private user data, including conversation histories or personal profiles.

Introduction

Zuza is built on a foundation of human trust and technological precision. We combine certified Dating Guides with intelligent matching algorithms to create a dating platform where every member is verified and every interaction is protected. Our commitment to data protection goes beyond compliance. Even our Dating Guides themselves cannot browse the user database. This architectural choice ensures maximum discretion and prevents any single person from accessing the intimate details shared during the Deep Dive intake process.

We believe that security researchers play a vital role in maintaining the integrity of our platform. If you discover a vulnerability, we want to hear from you. This policy outlines how to report security issues responsibly and how we will respond.

Reporting guidelines

When conducting security research on Zuza, please follow these principles. Do not perform denial-of-service attacks, network scanning, or any form of disruption to our systems. Do not use social engineering, phishing, or deception to gain access to information. Do not access, download, or share any private user data, including messages, profiles, or personal information. Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We ask for a minimum of 90 days before public disclosure, though we will work to resolve critical issues much faster.

How to report a vulnerability

If you discover a security issue, please report it directly to our security team at security@zuza.nl. Include a clear description of the vulnerability, the steps to reproduce it, and the potential impact on our users. We will acknowledge receipt of your report within three business days. Our team will investigate the issue and keep you updated on our progress. Once we have deployed a fix, we will notify you before any public announcement.

Our commitment to researchers

Zuza will not pursue legal action against security researchers who follow this responsible disclosure policy in good faith. We recognize that ethical hackers and security professionals provide an essential service to the digital community. If you discover a vulnerability and report it according to these guidelines, you have our assurance that we will treat your report with respect and urgency.

Recognition and appreciation

We value the work of security researchers who help us protect our community. For qualifying, previously unknown vulnerabilities that are reported following this policy, Zuza may offer recognition in our security hall of fame or provide a token of appreciation. We will discuss recognition options directly with you after the vulnerability has been resolved and disclosed.