Security

Last updated: January 4th, 2026

How to Report a Security Issue

Use the regular issue tracker for reports that do not need to be kept private.

For security-sensitive issues, email our security team at security@979.st. For greater confidentiality, you may encrypt your report using our PGP key.

Our Process

When you submit a vulnerability report, our security team will:

• Acknowledge and review the report, assign a severity rating, and deploy a fix to the userbase. This typically takes between 14 and 90 days.

• Work with you to establish a coordinated disclosure date for your research.

Safe Harbor

We view security research conducted in good faith as beneficial to the community. We will not take legal action against researchers who follow this policy and act responsibly to avoid privacy violations, data destruction, or service disruption.