If you discover a security vulnerability, please email us at security@gitclear.com. Upon discovering a vulnerability, we ask that you act in a way to protect our users' data:

Inform us as soon as possible.

Test against fake data and accounts, not our users' private data (please ask if you'd like a free account to work on this).

Work with us to close the vulnerability before disclosing it to others

We guarantee response within one business day, most likely much less.


If you would like to send an encrypted message, please sign using our public PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBF4fv4EBCADXdJp6Js9cqplvShgFGzNAK8PtYfJhjtw+9vTBu+MR97w4x0Fl
Q9VEbHSdF/OBLNDFszOeCEQ3SeHqoSOfsJMS8PO/ROP3SrUvRYWrIcOYUkR0sxg8
JChzT58S87fjGiZ1fuAyk+LKtb859JUzqGlDX2e2+baW6lPxXnv2Avl0cbLiv+a6
lVRmQzXBAsHgRWV3VoB3HLw+niKVy8UHH9Jgsc/Uyu9GPb7lh4FBFCVvgLES7mK9
0pq1rtHx9bCj9W+E9JLfvDpTvag0ldpQpcqKuYZMZcvmBRDA8SdTMkEXmUQUiRH6
pDUZxLX2sSm5B78SW4sqF/Xuhs+UFs/drtdRABEBAAG0IEJpbGwgSGFyZGluZyA8
YmlsbEBnaXRjbGVhci5jb20+iQFUBBMBCAA+FiEEoHNj2HR+aFrMpQEjMXVZ5QIa
fBYFAl4fv4ECGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQMXVZ
5QIafBbUUQf/a4ODpt9kNgpIWVtTVKGSHlTctrcEjfLqi/1bFienvhrW2omvq3Pr
qpYToUZ9qK1TfZcvnjh+0F5IWeiNhIl13kmII+19vbjri5iDNQ0up3tpMeu+hJX5
3RHT/3WwT3F6gI6f+r3iFlyy5xq+q6t7TitRPguuGQFm1VXabiTfNZxhLhPJQz6q
2GXR6fYgToc52CtIDMozNF3vmV7qeV4k5IOXmcN4yL51bf3muOGTYstmG4hZmJg4
NyCYOL5/0TxLMIPH9D1K4j3/0BdXBO9+9LdYD4HVLFG0PSGki/jrEdoEhWFJU9tO
ffnep82IuRVTJb1R+vSnbYZBB/buWHKCqLkBDQReH7+BAQgA5xOyz6J1SrYFim5X
ZXxblJfT4gwVhdfttugQ+p/7HpP9KlhEZhN+sVULR2A2nslFxMRtuk4Mtx1sWS/5
CyQmPFAHdITaig955pqighl5iv3ztDVgjdaUyveU/S3WTowDjKm/SP6H/PBFFL9G
miHJcA6KTLDU4eqRT//68LG4L/Yvc2jVF1NTNRKs0ZpzRNbqWoSp3g4u3lrrgbVg
0LTbHx7tKh+eKYI/roHaKZ5cqlD5yYLB2rrEzmvXPK9szujZh+7OQ25K9ObsRsMB
p/EMNnjEAAKXpwqG6t7zmJHca1Nhz+V1FVdJWCQp9cEsaQ8i3FeXF6Nj1SH3+SJP
bya2LwARAQABiQE8BBgBCAAmFiEEoHNj2HR+aFrMpQEjMXVZ5QIafBYFAl4fv4EC
GwwFCQPCZwAACgkQMXVZ5QIafBYTKAf+OYDxAvJ6fmAAuYakXqBs5I7ZjFJq7NnV
iXXXv2G1lkd5FrbeExeE5Q41l4UaNMEYphjXEconoMGza2DJABZm94RihKNI09Gd
v8W45RgfC7N05HSudLQYsHmLEdA6h+wPBKivEU72nM98cQKqi6byu6mbFgwCfxOg
dHdKt9G4E4+2HkDJc4BYcAHTqgsaOdOhHaqtdQCkDErxSwNMQXOEIPrHPkWs2zeZ
eRpzLx72FQ2J9zfJ46UWg6CmX7OE2vYByQGSVYKlDca0/HVhiIAM/sfLAZFXPVLO
bQvE6UxikoQQZ/NF5ljcxkkm3qZm3P1/F7X5axZCxFze+iaPAwbHsg==
=21ks

We are open to discussing payment to security testers who can present us with significant security vulnerabilities that we can verify exist in our product. Though we are still a relatively small company, we aim to make payouts in the $500-1000 range for valid issues brought to our attention. We are also open to publicly recognizing contributions made by security researchers who responsibly disclose improvement opportunities to us.