Security at Ezmon

All traffic between your browser, our API, and our monitoring agents is encrypted with TLS 1.2 or higher. We enforce HSTS and redirect all plain HTTP.

Passwords are hashed with bcrypt at cost factor 12. We never store or log plaintext passwords.

Production databases are not publicly accessible. Access is restricted to named engineers via MFA-gated SSH tunnels. Connection credentials rotate automatically.

We use automated tooling to scan for known CVEs in our dependencies and apply patches within 48 hours for critical vulnerabilities.

We use Ezmon to monitor Ezmon. Uptime and incident history is visible on our public status page.

Found a vulnerability?

We welcome responsible disclosure. If you discover a security issue affecting Ezmon or our users, please report it privately before making it public. We aim to acknowledge reports within 24 hours and resolve confirmed issues within 90 days.

Please include steps to reproduce, potential impact, and your contact information. We do not take legal action against researchers who act in good faith.