Escribolt

Last updated: June 5, 2026

We take the security of our systems and users' privacy seriously. As a local-first application with open-source desktop clients and managed backend relays, we value input from the security community. If you have discovered a security vulnerability in Escribolt, we appreciate your help in disclosing it to us responsibly.

Guidelines

To protect our users and infrastructure, we require that all security researchers adhere to the following principles:

  • Make every effort to avoid privacy violations, degradation of our users' experience, disruption to production systems, and destruction of data during security testing.
  • Perform research only within the defined scope set out below.
  • Use our designated secure communication channels to disclose vulnerability details to us.
  • Keep information about any vulnerabilities you have discovered confidential between yourself and Escribolt until we have had 90 days to resolve the issue.

Safe Harbor

If you follow these guidelines when reporting an issue, Escribolt commits to:

  • Not pursuing or supporting any legal action (civil or criminal) related to your security research.
  • Working with you to understand and resolve the issue quickly.

In-Scope Assets

The following domains and services are within the scope of this disclosure program:

  • escribolt.com
  • docs.escribolt.com
  • api.escribolt.com
  • Our desktop client application source code

Out of Scope

Any services hosted or provided by third-party vendors are excluded from this program. These include, but are not limited to:

  • Our third-party cloud hosting and VPS infrastructure
  • Stripe payment portals and API endpoints
  • Deepgram, OpenAI, Anthropic, or Gemini API endpoints
  • GitHub repository management platforms

How to Report a Security Vulnerability

If you believe you have found a security vulnerability in Escribolt that falls within the bounds of this program, please email us at security@escribolt.com.

Please include:

  • A detailed description of the vulnerability and its potential impact.
  • Clear, step-by-step instructions or proof-of-concept (PoC) code to reproduce the issue.
  • Details of the environment in which you tested the vulnerability.