Security

ZUBACORE TECHNOLOGIES LTD takes the security and privacy of our website, our systems and the people who interact with us seriously. As a technology company that builds and operates digital platforms — including ZubaFix — we work to embed security and privacy considerations from the earliest stages of design.

This page describes Zubacore's general security approach as the parent company. The dedicated ZubaFix website, app and platform may publish additional security information that applies specifically to its customers, providers and other users.

For this website, we use measures appropriate to a UK technology company website, including:

• HTTPS / TLS encryption for traffic between your browser and our servers.
• Secure server and application configuration, with hardened defaults.
• Regular software updates, dependency monitoring and patching.
• Protections against unauthorised access and common web threats.
• Application-level monitoring and logging where appropriate.
• Routine, secure backups of website data where appropriate.

We protect personal data with appropriate technical and organisational controls, including:

• Limiting access to personal data to authorised people who need it for their role.
• Access controls, authentication and segregation of duties for internal systems.
• Secure processing and storage, with sensitive credentials kept out of source code.
• A privacy-conscious approach to system design and data minimisation.

More detail on what data we collect and how we use it is in our Privacy Policy.

Zubacore aims to build its platforms with security and privacy in mind from day one. This includes secure software-development practices, code review, dependency hygiene, secrets management and a preference for trusted, well-maintained third-party providers.

ZubaFix, as a platform owned by Zubacore, may include additional security controls and dedicated security documentation on its own website, app or platform when it is live.

For our platforms, we apply security principles such as:

• Secure login processes and protected credentials.
• Strong password and authentication standards.
• Role-based access control, with separation between customer, provider, business owner, staff/team member and admin roles where applicable.
• Restricting users to the information and features that are relevant to their role.
• Session protection and time-limited authentication where appropriate.

The full set of platform-level access controls for ZubaFix will be described separately on the dedicated ZubaFix platform when live.

Where our platforms involve service providers, we may use verification, onboarding checks, compliance reviews and ongoing monitoring as appropriate. The exact checks may vary by platform, role and risk level.

We do not claim that every provider has been fully verified at all times. Verification details for ZubaFix providers will be described on the dedicated ZubaFix platform when live.

Where our platforms support payments, payments are intended to be processed by trusted third-party payment providers that meet recognised industry standards (such as PCI-DSS). Zubacore does not aim to store full card details on its own systems.

Specific payment flows, providers and protections will be described on the dedicated ZubaFix platform when live.

Internally we follow operational security practices, including:

• Limiting administrative access to a small number of authorised people.
• Granting access on a least-privilege, need-to-know basis.
• Reviewing suspicious activity and audit logs where applicable.
• Maintaining sensible operational security and confidentiality practices for staff and contractors.

If we identify or are made aware of a security issue, we will investigate it, take reasonable steps to reduce risk, protect users and meet our legal and regulatory obligations — including any notification duties under UK GDPR. Where appropriate, we will inform affected individuals and the Information Commissioner's Office.

If you believe you have found a security vulnerability in this website or any system operated by Zubacore, please report it responsibly to hello@zubacore.co.uk.

We ask security researchers and users to:

• Give us a reasonable opportunity to investigate and respond before public disclosure.
• Avoid exploiting, damaging, accessing, altering or disclosing data without explicit permission.
• Avoid degrading the availability of our services.
• Provide clear, reproducible details so we can fix issues quickly.

We're grateful for responsible reports and will do our best to acknowledge and resolve valid issues promptly.

To protect yourself online, we encourage you to:

• Use strong, unique passwords and a password manager where possible.
• Keep your login details confidential and never share them.
• Be cautious of suspicious links, attachments or messages claiming to be from Zubacore or ZubaFix.
• Report suspicious activity to hello@zubacore.co.uk.
• Use only official Zubacore and (when live) ZubaFix channels to interact with us.
• Avoid sharing personal or payment information outside official channels.