We take security seriously — especially since the core promise of messagetolink is that no data is ever sent to any server.
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue.
- Email us at: mochafreddo@gmail.com
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge your report within 48 hours and work with you to understand and address the issue.
The following are in scope:
- Any code that could cause data to be transmitted externally
- XSS or injection vulnerabilities in message rendering
- Encryption implementation weaknesses
- Privacy-compromising behaviors
We appreciate responsible disclosure and will credit reporters (with permission) in our release notes.