Please read the following and report vulnerability and bugs to [email protected]. We can provide a gpg key if privacy is preferred.
Scratchpad takes the security and privacy of its systems very seriously. While we support the responsible disclosure of bugs and issues, we hope that you can adhere to following policies.
We offer cash bounties on bugs and vulnerabilities that vary based on proven impact.
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
We'd like to ask you to refrain from trying:
Denial of service
Social engineering (including phishing) of Scratchpad staff or contractors
Any physical attempts against Scratchpad property or data center
Thank you for helping keep Scratchpad and our users safe!