SharetoBoard
Security

Responsible disclosure.

Found a security issue in the SharetoBoard Android app or this website? Thanks for telling us. Here's how to do it safely and what you can expect in return.

Last updated: 2026-04-21. See also /.well-known/security.txt.

How to report

Email security@sharetoboard.com with:

  • A clear description of the issue and why it matters
  • Steps to reproduce (URLs, APK build, Android version)
  • Any proof-of-concept, logs, or screenshots
  • Your preferred contact and whether you want credit

If you need to send sensitive material, ask for a PGP key in your first message and we'll reply with one.

What we commit to

  • Acknowledge your report within 3 business days.
  • Keep you updated with a realistic timeline as we investigate.
  • Fix confirmed issues as quickly as the severity warrants and ship a patch via Google Play.
  • Credit you publicly (with your permission) once the fix is live.
  • Never pursue legal action against good-faith researchers who follow this policy.

In scope

  • The SharetoBoard Android app (com.stb.sharetoboard) from Google Play
  • sharetoboard.com and the subdomains we operate
  • The Notion OAuth endpoints at /api/notion/*
  • Data handling described in our Privacy Policy

Out of scope

  • Third-party services we don't control (Poppy, Notion, Google Play, ThriveCart, Vercel)
  • Vulnerabilities that require a rooted / compromised device
  • Rate-limit or best-practice issues with no demonstrated impact
  • Reports from automated scanners without validation
  • Social engineering of the maintainer or users

Please do not

  • Access, modify, or delete data that isn't yours
  • Run automated scanners that generate significant traffic
  • Attempt denial-of-service, spam, or phishing
  • Publish the issue before a fix is available and we've agreed on a disclosure date

Safe harbor

If you act in good faith, follow this policy, stop at proof-of-concept, and don't harm users or data, we will not consider your research a violation of our Terms of Use and will not pursue legal action. This is not a paid bug bounty, but credit and our sincere thanks are guaranteed.