Legal

Security.

Last updated: June 7, 2026. Sindro LLC does not currently operate a paid bug-bounty program.

1. Report a Vulnerability

If you believe you found a security vulnerability, email security@sindro.llc with a clear description, affected URLs or app versions, reproduction steps, and any proof-of-concept material that helps us understand the issue.

We aim to acknowledge good-faith reports within two (2) business days. Remediation timelines vary depending on severity and complexity.

2. Scope

In scope: Sindro LLC websites, public Sindro product websites, and Sindro-distributed desktop applications.

Out of scope: denial-of-service testing, brute force, spam, social engineering, physical attacks, attacks on third-party providers, or activity that accesses, modifies, deletes, or exfiltrates user data without authorization.

3. Safe Harbor

Sindro LLC will not pursue legal action against security researchers who conduct good-faith research in accordance with this policy, avoid harm to users, respect privacy, and give us a reasonable opportunity to investigate before public disclosure.

4. Security Practices

We use reasonable safeguards such as encrypted transport, access controls, third-party payment processing, and local-first design where appropriate. No system can be guaranteed completely secure.

5. security.txt

We publish a security.txt file at /.well-known/security.txt.