Security
Last updated: 31 May 2026
CountedDays is an offline-first iPhone app by Elpax AB. It has no account system, no analytics, no advertising SDK, and no custom backend. Security updates are delivered through the App Store or TestFlight.
Report a vulnerability
If you believe you have found a security vulnerability in CountedDays, please email counteddays@elpax.se.
Please include:
- the affected CountedDays version or build number;
- the iOS version and device model, if relevant;
- a clear description of the issue and its security impact;
- steps to reproduce or a proof of concept;
- whether you believe the issue is being actively exploited.
Coordinated disclosure
Please do not publicly disclose exploit details until we have investigated and, where needed, released a fix. We aim to acknowledge credible reports within 3 business days and will coordinate disclosure timing with reporters where contact details are provided.
There is currently no paid bug bounty program. Good-faith security research is welcome when it avoids privacy violations, data destruction, service disruption, social engineering, and access to data that is not your own.
Supported versions
The current CountedDays iOS product line is supported for vulnerability handling and free security updates while it remains available on the App Store. Users should run the latest available App Store or TestFlight build on an Apple-supported iOS version.
Before the Cyber Resilience Act product-support obligations generally apply on 11 December 2027, Elpax AB will publish a specific support-period policy for each release line.
If a vulnerability affects supported users, the security update will be distributed through Apple's normal app update mechanism. Fixed vulnerabilities may be listed on this page when user action or public coordination is needed.
Security advisories
No CountedDays security advisories have been published.
Security.txt
The vulnerability contact is also available at /.well-known/security.txt.