We take security seriously. If you find a vulnerability in SafeLayer, we want to know about it.
How to report
Email security@safelayer.app with a description of the vulnerability, steps to reproduce, and potential impact. We will acknowledge receipt within 48 hours.
What we ask
- Give us reasonable time to fix the issue before disclosing publicly.
- Do not access or modify user data beyond what is necessary to demonstrate the vulnerability.
- Do not perform denial-of-service attacks, spam, or social engineering.
What we commit to
- We will acknowledge your report within 48 hours.
- We will keep you informed as we work on a fix.
- We will not take legal action against researchers acting in good faith.
- We will credit you in our security acknowledgments, if you wish.
Scope
In scope: safelayer.app web app, SafeLayer API, SafeLayer Shield extension. Out of scope: third-party services (Supabase, Stripe, Resend).