Our Commitment to Security

Effective Date: 18/02/2025
Last Updated: 10/09/2025

At Zerberus.ai, the protection and security of your data are core to our mission. Our security approach is built on industry-leading standards, rigorous certifications, and ongoing compliance with UK legislation, including the Data Protection Act 2018 and UK GDPR. We continuously monitor our systems and processes to foster trust and support your business’s compliance needs.

Security Standards and Frameworks

  • Continuous Monitoring: We leverage advanced automation and real-time monitoring to maintain a strong security posture. Our teams receive immediate alerts regarding potential security events, enabling quick detection and response.

  • Compliance Frameworks: Our information security programme aligns with ISO 27001 and SOC 2, and supports key requirements of the UK GDPR and the Data Protection Act 2018.

  • Centralized Controls: Security controls and policies are standardised, reviewed, and updated on an ongoing basis, supported by regular independent audits and annual penetration testing.

  • Vendor and Employee Oversight: Role-based access, single sign-on, frequent security awareness training, and rigorous third-party risk management help ensure holistic protection of your data.

Regional and Legal Compliance

  • UK Data Protection: Zerberus.ai is fully compliant with the Data Protection Act 2018 and UK GDPR, which are regulated by the Information Commissioner’s Office (ICO). Our systems operate in adherence with these data privacy principles, including data minimisation, transparency, and your rights as a data subject.

  • Cybersecurity Laws: We adhere to obligations under the UK’s Computer Misuse Act and, where they apply to us, sector-specific regulations such as the NIS Regulations.

  • International Standards: Where relevant, we also support additional frameworks including NIS 2, DORA, and the EU AI Act, aligning with the control frameworks maintained by Vanta and Secureframe to keep pace with continuously evolving requirements.

Application and Infrastructure Security

  • Data Encryption: Data is protected using AES encryption at rest and TLS in transit.

  • Continuous Auditing: We undergo regular, independent penetration tests and security reviews, and respond rapidly to new threats.

  • Automated Policy Management: Our security and data governance policies are regularly reviewed and updated, with controls enforced throughout the product lifecycle.

Vulnerability Disclosure & Recognition

Zerberus.ai does not currently operate an official or public bug bounty programme. However, we recognise the value of the security community and remain open to receiving reports of genuine, exploitable vulnerabilities that may pose a risk to our systems, our users, or their data.

Responsible Disclosure

We encourage researchers and ethical hackers to report vulnerabilities responsibly by contacting our team at security@zerberus.ai. Please include sufficient technical details and reproduction steps to assist with validation.

  • Eligible Submissions: Reports must be original, previously unreported, and concern our own code or platforms. Vulnerabilities in third-party services, and issues that are already known to us or already being fixed, are not eligible.

  • Validation and Acknowledgement: All legitimate, reproducible vulnerabilities will be reviewed and validated by our security team. Where appropriate, researchers will receive public acknowledgement and a token of appreciation, occasionally accompanied by a small discretionary bounty, depending on impact and novelty.

  • Participation Rules: Participants must not be affiliated with Zerberus.ai, its partners, affiliates, or alliances, or otherwise be privy to the operations of Zerberus Technologies Ltd (UK) or Zerberus Technology Ltd (India). Participants must comply with UK law and must not perform actions that result in data loss, system disruption, or personal data exposure during testing.

  • Scope: Our platform’s core systems and APIs are in scope. Vulnerabilities impacting customer data confidentiality, integrity, or service availability are prioritised.

  • Out-of-Scope Reports: The following categories are explicitly excluded from acknowledgement or reward:

    • SPF, DKIM, or DMARC configuration issues

    • WAF bypasses or rate-limiting tests

    • DDoS or volumetric attacks

    • Social engineering, phishing, or physical intrusion attempts

    • Third-party integrations or dependencies beyond our control

  • Recognition & Reward: All validated reports are recognised on a platform of our choosing (LinkedIn, X, etc.). Rewards are issued at Zerberus.ai’s discretion based on the severity and impact of the discovered issues. Duplicate reports may result in split rewards; ineligible or low-impact findings may not be rewarded.

  • Reporting Process:

    • To report a vulnerability, contact security@zerberus.ai.

    • Please provide detailed steps for reproduction to help us investigate and resolve the issue efficiently.

    • Reported issues must not be disclosed or published until we have shared a formal acknowledgement and remediation confirmation with the researcher.

Contact and Transparency

We are committed to transparency, collaboration, and continuous improvement in our security practices. To learn more about our ongoing compliance and audits, or to request detailed reports, please contact our security team directly at security@zerberus.ai.