- You register to our App (whether through third party providers)Â
- You otherwise sign into our App via Single Sign-on (SSO)
Provide App users with the functionality of the App
Name, account username, email address, language preference, profile picture, company affiliation, logo URL, company description, links to your projects and any other data you choose to provide directly to us to through the third-party providers
You pay us, whether through Stripe, the marketplace of other service providers, or through a purchase order
Basic billing and payment information from the payment processors including your name and your billing address. We do not receive your credit card number.
You contact us with an inquiry or provide us feedback through the Website or the via the App chat
- Develop our relationship with App users and Website visitors in general
- Develop our business and sales
- Provide technical support to App users
- Develop and enhance the App and Websites
Name, account username, email address, company affiliation, position, phone number, country, and content of inquiry or feedback
- We send you marketing emails and newsletters
- We call you to interest you in using our App
Promoting and marketing EnvZero’s products and services
Name, account username, user address, email address, and phone number
Our business relationship with App users
- Administer the business and professional relationship with App usersÂ
- Facilitate technical support to App usersÂ
Name, account username, email address, company affiliation, position, phone number, country, past communications, products, and services used
You ask to have a demo of EnvZero’s productÂ
- Develop our relationship with prospective App users
- Develop our business and sales
Name, email address, company affiliation, position, phone number, country, information about demo sessions conducted
Our business relationship with vendors and service providers
- Administer the business relationship with vendors and service providers
- Facilitate EnvZero’s use of vendors’ and service providers’ products and services
Name, email address, company affiliation, position, phone number, country, email communications
Essential cookies on the Websites and App
Facilitate Website or App features that the User specifically requested
IP address, pages visited, Website and App functions used, fields completed in forms
Non-essential cookies on the Websites and App
- Analyze site usage to evaluate and improve its performance
- Improve user experience
- Inform and serve personalized ads more relevant to user interests
IP address and location data based on it, pages visited, Website and App functions used, fields completed in forms, screen captures or recordings
We will share your personal information with our service providers who assist us with the internal operations of our business, the Websites, and the App. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes.
Operating the Websites, our App, and our business
EnvZero Ltd., Google, GitHub, Microsoft, AWS, BitBucket, Stripe, and Hubspot.
If you abused your rights to use the App and the Websites or violated any applicable law while doing business with us.
Responding to, handling, and mitigating suspected violations of law in connection with our business.
Competent authorities, legal counsels, and advisors.
If a judicial, governmental, or regulatory authority requires us to disclose your information.
Complying with a binding request from a competent authority.
If the operation of the App, the Websites or our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition).
Enabling a structural change in the operation of the Websites and our business.
The target entity of the merger or acquisition, legal counsels, and advisors.
Marketing, tracking digital activity and performance, embedding videos on the Website and App, interaction with social media platforms, contact enrichment, product usage dashboard, and analytics.
‍
These are further described in our Cookie consent banner, available here.
As further described in our Cookie consent banner, available here.
Last updated: Jun 9, 2026
Introduction
env zero is committed to the security of our platform and our users' data. We welcome responsible security research and appreciate the efforts of security researchers who help us identify and address vulnerabilities.
If you believe you have discovered a potential security vulnerability in one of our products, we encourage you to discreetly report it to us via our security report form, quickly and responsibly.
Our Bug Bounty Program is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us.
Acceptance
By participating in this Bug Bounty Program, you agree to comply with the guidelines outlined in this document. env zero reserves the right to modify the terms of this program at any time.
Guidelines
Under this program, “research” means activities in which you:
Notify us as soon as possible after you discover a real or potential security issue.
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
Only use exploits to the extent necessary to confirm a vulnerability’s presence.
Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
Do not submit a high volume of low-quality reports.
Once you’ve established that a vulnerability exists or if you encounter any sensitive data (including personally identifiable information, financial information, proprietary information, or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.
Scope
The following assets are in scope for this program:
docs.envzero.com - env zero Documentation
env zero Application - env zero Platform
Out of Scope
env zero (env0) website domains and any related subdomains are out of scope.
The following activities are out of scope for the env zero Bug Bounty Program. Conducting any of the activities below will result in disqualification from the program permanently.
Targeting assets of env zero's customers
Any vulnerability obtained through the compromise of env zero customer or employee accounts
Any Denial of Service (DoS) attack against env zero products or env zero customers
Social engineering of env zero employees, contractors, vendors, or service providers
Knowingly posting, transmitting, uploading, linking to, or sending malware
Pursuing vulnerabilities which send unsolicited bulk messages (spam)
In case a vulnerability report will be submitted about an item that is included in the above list, env zero will not review and the report will be rejected.
Reporting a Suspected Vulnerability
If you believe you have found a security vulnerability, please report it via our security report form.
To enable us to respond more efficiently to your report, kindly provide any relevant supporting materials (such as proof-of-concept code, tool output, etc.) that would aid us in comprehending the nature and severity of the vulnerability.
Service Level Agreement (SLA)
env zero is committed to being responsive and keeping you informed of our progress as we investigate and/or mitigate your reported security concerns. You will receive a non-automated response to your initial contact as quickly as possible, confirming receipt of your reported vulnerability and assigning you a tracking number.
The amount of time required to validate a reported vulnerability can change per case, and it depends on the complexity and severity of the issue. We make every effort that all reports and answers will be provided no longer than 120 days.
Disclosure
env zero requests that you do not publicly disclose any information regarding the vulnerability or exploit the issue until it has had the opportunity to analyze the vulnerability, respond to the notification, and notify key users, customers, and partners.
Confirmation of Non-Vulnerabilities: If the issue cannot be validated, or is not found to originate in a env zero product, this will be shared with you.