Security
Security disclosure
If you've found a security issue in any Embroid product, we want to know. This page explains how to report it and what to expect from us.
Reporting vulnerabilities
Email us at nick@embroid.co with a clear description, steps to reproduce, and the affected product.
Supported products
Embroid Client, Embroid Basic, Embroid Pro, and the hosted cloud dashboard are in scope.
Responsible disclosure
Give us a reasonable window to remediate before public disclosure. We'll acknowledge your report, keep you informed, and credit you for the fix if you want public recognition.
Security model
The platform-level security model (leases, typed capabilities, binary validation, audit logs, rollback) is documented on our platform security page.