Last updated 2026-06-26
We take the security of GitSpider and your data seriously. If you believe you've found a security vulnerability, please report it โ we welcome good-faith research and will work with you to resolve it.
Email security@gitspider.com with a description of the issue, steps to reproduce, and its potential impact. Please don't open a public issue or disclose publicly before we've had a chance to fix it. We acknowledge reports within 3 business days and keep you updated through to resolution.
We will not pursue or support legal action against researchers who, in good faith: report promptly; make every effort to avoid accessing, modifying, or deleting data that isn't theirs; do not degrade, disrupt, or deny service to others; and give us a reasonable opportunity to remediate before any public disclosure. Activity consistent with this policy is considered authorized.
In scope: gitspider.com, the GitSpider GitHub App, and our Slack integration. Out of scope: the third-party platforms we build on (GitHub, Stripe, Slack, Resend, Fly.io, Neon, Cloudflare โ report vulnerabilities in those platforms to the respective vendor), social engineering, physical attacks, and denial-of-service / volumetric testing.
Accessing, modifying, or deleting data that isn't yours; degrading the service for others; spamming forms; and publicly disclosing a vulnerability before it's remediated.
Machine-readable contact details: /.well-known/security.txt (RFC 9116).
Questions or privacy / data-protection requests: privacy@gitspider.com