# Security Policy

## Reporting a Vulnerability

We take security seriously at Cryptomator. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security vulnerability, please use the [GitHub Security Advisory feature](https://github.com/cryptomator/cryptomator/security/advisories). This feature allows you to privately discuss, fix, and publish information about security vulnerabilities.

If you prefer to report the vulnerability via email, please send an email to security@cryptomator.org.

PGP key fingerprint: `3647 9903 B23A E0A5 9359  9A3E 23B5 DBEF 94D4 D81D` ([public key](https://gist.github.com/cryptobot/864300b6b44ae2d2a15abedfe14bd040))

## Expectations

When reporting a vulnerability, please provide us with a detailed report that includes:

- A description of the vulnerability
- Steps to reproduce the vulnerability
- Possible impact of the vulnerability
- Any additional information that may be helpful

We ask that you do not publicly disclose the vulnerability until we have had a chance to address it.

## Thank You

We appreciate your help in keeping Cryptomator secure. Thank you for your contributions to the security of our project.