Security Policy

EZ Virtual Tools welcomes responsible disclosure of security issues affecting any of our 45 industry calculator sites.

Contact

Email: security@ezvirtualtools.com
Languages: English
Response time: We aim to acknowledge reports within 5 business days.

Scope

All domains under ezvirtualtools.com including the 45 industry subdomains and the hub at hub.ezvirtualtools.com.

What We're Interested In

Cross-site scripting (XSS), CSRF, SQL injection, RCE
Authentication or authorization bypass
Calculator logic vulnerabilities that produce dangerously wrong results in safety-critical scenarios
Sensitive data exposure
Server misconfigurations

Out of Scope

Best-practice findings without proof of exploit
Issues in third-party services (e.g., Google Fonts, Cloudflare)
Self-XSS or social-engineering attacks
Rate-limiting / brute-force on public endpoints

Safe Harbor

We will not pursue legal action against researchers who:

Make a good-faith effort to avoid privacy violations and disruption
Do not exploit issues beyond what's necessary to demonstrate the vulnerability
Provide a reasonable disclosure timeline before going public

Last updated: 2026-05-27

← Back to Hub