VaultKeepR
English·Français

Security

Last updated: March 2025

Reporting a vulnerability

Please do not open a public issue for undisclosed security vulnerabilities. We treat reports in good faith seriously.

Use the contact channels described in our Privacy Policy (section Contact) or the website operator for this deployment.

Include the affected surface (web app, extension, API, cryptography), a short description, and reproduction steps if possible. For the open-source repository, see also SECURITY.md at the project root.

Scope

Examples of in-scope topics:

  • Vault encryption, key derivation, or serialization in client code and shared libraries.
  • Wallet signing, delegations, or abuse of sync / vault-CID APIs.
  • Browser extension isolation, content scripts, or messaging boundaries.
  • Server-side handling of ciphertext, signatures, or metadata that could weaken user security.

What to expect

We aim to acknowledge receipt within a few business days. This page does not constitute a paid bug bounty program unless we publish one separately.

Privacy PolicyTerms of ServiceDocumentation← Back to home