Responsible Disclosure
We value the work of security researchers who help us keep our platform and users safe.
Grounded Scribe takes the security of our platform and our users' data seriously. We value the work of security researchers who help us identify and fix vulnerabilities. If you've discovered a security issue, we encourage you to report it responsibly.
How to Report
Send your report to security@groundedscribe.com. Please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any supporting evidence (screenshots, proof of concept)
We use PGP encryption for sensitive reports. Contact us for our public key.
What to Expect
Acknowledgement
We will acknowledge your report within 2 business days.
Investigation
We will investigate and provide status updates as we work through the issue.
Resolution
We aim to resolve confirmed vulnerabilities promptly.
Credit
We will credit you (if desired) once the issue is resolved.
Scope
In Scope
- groundedscribe.com and all subdomains
- API endpoints
- Authentication and authorisation systems
- Data exposure vulnerabilities
Out of Scope
- Denial of service attacks
- Social engineering / phishing
- Physical attacks
- Third-party services and applications
- Automated scanning without prior approval
Our Commitment
We will not pursue legal action against researchers who:
- Act in good faith and follow this policy
- Avoid accessing, modifying, or deleting other users' data
- Do not disclose the vulnerability publicly before we've had reasonable time to address it
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
Safe Harbour
We consider security research conducted in accordance with this policy to be authorised and will not pursue civil or criminal action against researchers who comply with these guidelines.
Recognition
We maintain a security acknowledgements page for researchers who responsibly disclose valid vulnerabilities. We do not currently offer monetary bounties, but may do so in the future.
Last updated: 29 March 2026