Security is a shared responsibility. This page explains what Bizzly is responsible for, what customers are responsible for, and how to report vulnerabilities safely.
We are dedicated to maintaining the security and privacy of the Bizzly Hosting platform. We welcome security researchers from the community who want to help us improve our services. Please contact us before performing any security-related testing.
What Bizzly is responsible for
Bizzly is responsible for the security of the hosting control panel, authentication flows, account access controls, billing and payment workflows, internal administration access, orchestration systems, and infrastructure that we operate directly. We monitor for abuse, apply platform updates, restrict staff access, and investigate security events that affect the Bizzly platform.
What customers are responsible for
Customers are responsible for securing their servers, applications, operating systems, packages, SSH keys, root passwords, firewalls, backups, DNS records, domain contact information, invited users, API credentials, software licences and content. You should patch promptly, use strong authentication, limit exposed services, keep backups, and remove access for users who no longer need it.
Reporting vulnerabilities
If you believe you have found a vulnerability in Bizzly Hosting, email [email protected]. Include the affected host or URL, reproduction steps, impact, screenshots or logs where useful, and your contact details.
Please give us the chance to fix the issue before making details public. Publicly disclosing a vulnerability before notifying us can put other customers and the wider community at risk. When you notify us of a potential problem, we will work with you to understand the scope, cause and impact of the issue.
Research rules
Do not access, change, delete or exfiltrate other people's data. Do not run destructive tests, denial-of-service tests, spam, phishing, malware, social engineering, physical attacks or tests against third-party systems. Stop testing and report promptly if you encounter customer data, secrets, credentials or service instability.
We do not offer a public bug bounty unless agreed in writing. We will try to acknowledge genuine reports promptly, investigate in good faith, and keep reporters updated where practical.
Thank you for your work and interest in making the community safer and more secure.
Security incidents
For urgent account compromise, exposed credentials, abuse, or suspected misuse of your service, contact [email protected] as soon as possible.