Security

Security and responsible disclosure.

If you find a security issue in a Synapse Tools product, this page is the public place to report it and understand what kind of information helps us respond quickly.

Single security contact path Responsible disclosure preferred Public claims should match shipped behavior
Report an issue

How to contact us

  • Email [email protected] with subject line Security Report.
  • Tell us which product is affected and why you believe it is security-sensitive.
  • Include steps to reproduce, impact, and any screenshots or logs that help explain the issue.
Responsible disclosure

How to share sensitive details

  • Please avoid public disclosure until the report is acknowledged and reviewed.
  • Use encrypted or access-controlled sharing when proof material is sensitive.
  • If a report needs special handling, note that clearly in the email.
Security principles

What we aim for

  • Public claims should stay aligned with the shipped product.
  • Permissions and integrations should be explainable in plain language.
  • Local-first product behavior is preferred where it fits the feature.
What helps most

A good report usually includes

  • Product name and version.
  • Environment details like browser or OS when relevant.
  • Clear reproduction steps and expected vs actual behavior.
  • A short impact summary.
Need general help?

Use the normal support path for non-security issues.

If your issue is not security-sensitive, use the support page so product questions and standard bug reports go through the normal help path.