Skip to content

Security: shipiit/snappilot

Security

SECURITY.md

Security Policy

Our commitment

Snappilot is designed to be private by default:

  • 100% on-device. Captures, recordings, and OCR never leave your Mac.
  • No telemetry, no accounts, no third-party servers.
  • OCR runs locally via Apple's Vision framework.

Supported versions

Version Supported
0.1.x

We support the latest released version. Please update before reporting an issue.

Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Instead, report privately via GitHub's Report a vulnerability (Security → Advisories), which creates a private advisory only maintainers can see.

Please include:

  • A description of the issue and its impact
  • Steps to reproduce (a proof-of-concept if possible)
  • Affected version and your macOS version

What to expect

  • Acknowledgement within a few days.
  • We'll investigate, keep you updated, and coordinate a fix and disclosure timeline.
  • Credit in the release notes (if you'd like).

Scope

In scope: the Snappilot app and the code in this repository. Out of scope: issues in Apple's frameworks/OS, or third-party dependencies (report those upstream).

Thank you for helping keep Snappilot and its users safe. 🔒

There aren't any published security advisories