Vulnerability Disclosure Policy
PasteProof takes security seriously. We appreciate the work of security researchers who help keep our users safe.
Report a Security Issue
If you've discovered a security vulnerability, please email us at:
security@pasteproof.com
Please include "Security Report" in the subject line
Scope
✅ In Scope
- pasteproof.com (web application)
- api.pasteproof.com (API)
- PasteProof browser extension (Chrome, Firefox, Edge)
- PasteProof Slack app
❌ Out of Scope
- Third-party services we use (report to them directly)
- Social engineering attacks
- Denial of service attacks
- Physical attacks
How to Report
Email security@pasteproof.com with the following information:
- Description of the vulnerability: Explain what the vulnerability is and how it works
- Steps to reproduce: Detailed steps we can follow to reproduce the issue
- Potential impact: What could an attacker do with this vulnerability?
- Your suggested fix (optional): If you have ideas on how to fix it, we'd love to hear them
What to Expect
| Timeline | Action |
|---|---|
| 24 hours | We acknowledge your report |
| 7 days | We provide an initial assessment |
| 90 days | We aim to fix critical/high severity issues |
Rules of Engagement
- ⚠️ Do not access, modify, or delete data belonging to other users
- ⚠️ Do not degrade service performance
- ⚠️ Do not publicly disclose until we've had reasonable time to fix
- ⚠️ Act in good faith
Safe Harbor
We will not pursue legal action against researchers who:
- Act in good faith and follow this policy
- Avoid privacy violations and data destruction
- Report vulnerabilities promptly and privately
Recognition
We maintain a hall of fame for researchers who report valid vulnerabilities. If you'd like to be listed, let us know how you'd like to be credited.
No Bounties (Yet)
We don't currently offer monetary rewards, but we deeply appreciate your contributions and will publicly credit you (with permission).
Thank you for helping keep PasteProof and our users secure.