Security
We appreciate responsible disclosure. If you find a security issue in GitNotifier, please report it privately and we will investigate quickly.
Report a vulnerability
Email us at [email protected] with details, reproduction steps, and any proof-of-concept.
Disclosure and safe harbor
Please keep findings confidential until we resolve the issue. Do not publicly disclose details without written approval.
If you act in good faith and follow this policy, we will not pursue legal action for your research.
Response expectations
We aim to acknowledge reports within 3 business days and share status updates as remediation progresses.
We do not currently run a public bug bounty program, but we may recognize impactful reports at our discretion.
Related security resources
- Privacy Policy for details about what data GitNotifier stores, how it is used, and how deletion works.
- Security & Privacy Docs for OAuth protections, webhook validation, and token handling details.
- Slack Permissions for the Slack scopes GitNotifier requests and why they are needed.
Last updated: March 1, 2026