Sanity takes security and privacy reports seriously.

For all findings, we ask the researchers to use a structured report similar to OpenSSF's vulnerability_report.md, and send it via email to security@sanity.io.

We will work with the reporting party to fix the findings, and commit to publicly crediting the issues when possible. Maintaining a healthy relationship with the security community is very important for us, and we will strive to be as transparent and communicative as we can be during this process.

Thank you for your help in making Sanity safer to use for everyone!

Sanity has a bugbounty program: http://sanity.io/bugbounty - please read the policy and submit as you see fit!

Thank you,

For questions or comments on this policy, reach out to security@sanity.io