Security
We take the security of Sidenote and our users' data seriously. If you believe you've found a security vulnerability, we welcome your report and will work with you to understand and resolve it quickly.
1. Reporting a vulnerability
Email us at support@getsidenote.app. Please include:
- A description of the issue and its potential impact
- Step-by-step instructions to reproduce it
- Any proof-of-concept code, screenshots, or logs that help
- The affected URL, page, or component
Please don't disclose the issue publicly until we've had a reasonable opportunity to address it.
2. What to expect from us
- We'll acknowledge your report within three business days.
- We'll keep you informed as we investigate and work toward a fix.
- We'll let you know when the issue is resolved, and we're happy to credit you for the discovery if you'd like.
3. Safe harbour
We won't pursue or support legal action against anyone who reports a vulnerability in good faith, provided they:
- Respect user privacy and don't access, modify, or delete other people's data
- Avoid actions that could degrade, disrupt, or destroy the service or its data
- Don't exfiltrate data beyond the minimum needed to demonstrate the issue
- Give us reasonable time to remediate before any public disclosure
4. Out of scope
Reports that generally fall outside this policy include:
- Findings from automated scanners without demonstrated impact
- Missing security headers with no practical exploit
- Denial-of-service or volumetric testing
- Social engineering or phishing of our staff or users
- Vulnerabilities in the third-party services we rely on (please report those to the relevant provider)
5. Related
For how we collect, store, and delete data, see our Privacy Policy.