Security & Vulnerability Disclosure

At Cluttr, we take the security of our users' notes and data extremely seriously. We invite the security community to report any vulnerabilities through our VDP.

How to Report a Vulnerability

If you believe you have discovered a security vulnerability, please do not disclose it publicly. Instead, email us directly with a detailed proof of concept.

cluttrai@gmail.com

In-Scope Assets
  • cluttrai.vercel.app
  • *.cluttrai.vercel.app

In-Scope Vulnerabilities

We accept all vulnerability reports that could compromise the confidentiality or integrity of user data.

If a vulnerability is not explicitly listed in the Out-of-Scope section, it is considered In-Scope.

Examples include, but are not limited to: XSS, CSRF, SSRF, SQLi, and Auth bypasses.

Out-of-Scope Vulnerabilities
  • Volumetric / Denial of Service (DoS/DDoS)
  • Social Engineering & Phishing
  • Self-XSS
  • Missing security headers (without a PoC)
  • Issues related to third-party services (e.g., Supabase, Vercel)

Hall of Fame

We deeply appreciate the efforts of security researchers who help keep Cluttr safe. Valid vulnerability reports are eligible for recognition in our official Hall of Fame.
