We take security seriously at Cryptomator. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security vulnerability, please use the GitHub Security Advisory feature. This feature allows you to privately discuss, fix, and publish information about security vulnerabilities.

If you prefer to report the vulnerability via email, please send an email to security@cryptomator.org.

PGP key fingerprint: 3647 9903 B23A E0A5 9359  9A3E 23B5 DBEF 94D4 D81D (public key)

When reporting a vulnerability, please provide us with a detailed report that includes:

• A description of the vulnerability
• Steps to reproduce the vulnerability
• Possible impact of the vulnerability
• Any additional information that may be helpful

We ask that you do not publicly disclose the vulnerability until we have had a chance to address it.

We appreciate your help in keeping Cryptomator secure. Thank you for your contributions to the security of our project.