Responsible Disclosure

We welcome responsible security research on NullPad. If you discover a vulnerability, please report it to security@nullpad.app.

Researchers who discover and responsibly disclose flaws will be recognized in our Acknowledgements section on the documentation home page.

• All reports will be acknowledged and handled as promptly as possible.

Scope

• In scope: The NullPad web client and its features.
• Out of scope: Third-party services (Firebase, Cloudflare).

Acceptable Use

While we encourage research, please adhere to the following guidelines:

• No DDoS: Any action that compromises the functioning of the application (e.g., Distributed Denial of Service) is strictly prohibited.
• Data Integrity: Do not attempt to damage or compromise the availability and integrity of user data or application state.
• Infrastructure: Refrain from attempting to break the underlying application infrastructure or server-side components.
• Privacy: Respect user privacy. If you accidentally access data that is not yours, please stop and report it immediately.