CountedDays app icon CountedDays

Security

Last updated: 31 May 2026

CountedDays is an offline-first iPhone app by Elpax AB. It has no account system, no analytics, no advertising SDK, and no custom backend. Security updates are delivered through the App Store or TestFlight.

Report a vulnerability

If you believe you have found a security vulnerability in CountedDays, please email counteddays@elpax.se.

Please include:

Coordinated disclosure

Please do not publicly disclose exploit details until we have investigated and, where needed, released a fix. We aim to acknowledge credible reports within 3 business days and will coordinate disclosure timing with reporters where contact details are provided.

There is currently no paid bug bounty program. Good-faith security research is welcome when it avoids privacy violations, data destruction, service disruption, social engineering, and access to data that is not your own.

Supported versions

The current CountedDays iOS product line is supported for vulnerability handling and free security updates while it remains available on the App Store. Users should run the latest available App Store or TestFlight build on an Apple-supported iOS version.

Before the Cyber Resilience Act product-support obligations generally apply on 11 December 2027, Elpax AB will publish a specific support-period policy for each release line.

If a vulnerability affects supported users, the security update will be distributed through Apple's normal app update mechanism. Fixed vulnerabilities may be listed on this page when user action or public coordination is needed.

Security advisories

No CountedDays security advisories have been published.

Security.txt

The vulnerability contact is also available at /.well-known/security.txt.