SnapsX takes security seriously. We accept good-faith vulnerability reports at [email protected]. We aim to acknowledge reports within 3 business days and confirm or remediate within 30 days. Encryption at rest uses AES-256-GCM for all OAuth tokens; transport uses HTTPS with TLS 1.2 or higher.
Reporting a vulnerability
- Email: [email protected]
- Response time: 3 business days for acknowledgement; remediation within 30 days
- Coordinated disclosure preferred
- Out of scope: DDoS, social engineering, physical attacks, and automated-scanner reports without a working proof of concept
Sub-processors and retention
See snapsx.app/privacy for the list of sub-processors and the 90-day retention window for activity-log data.
Machine-readable disclosure
This page is referenced by /.well-known/security.txt per RFC 9116.