Skip to content

Security: Spotas/Ai-rewrite

Security

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions of AI Text Rewriter Pro:

Version Supported
2.1.x
2.0.x
< 2.0

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability, please report it to us responsibly.

How to Report

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via:

  • Email: [email protected]
  • Subject line: "SECURITY: [Brief description of vulnerability]"

What to Include

Please include the following information:

  • Type of vulnerability (e.g., data exposure, injection, etc.)
  • Steps to reproduce the vulnerability
  • Potential impact of the vulnerability
  • Any suggested mitigation or fix

Response Timeline

  • Acknowledgment: We'll acknowledge your report within 48 hours
  • Initial Assessment: We'll provide an initial assessment within 5 business days
  • Resolution: We'll work to resolve critical vulnerabilities within 30 days

Responsible Disclosure

We ask that you:

  • Give us reasonable time to investigate and fix the issue
  • Don't access, modify, or delete user data
  • Don't disclose the vulnerability publicly until we've had a chance to fix it
  • Don't spam or DoS our services during your research

Recognition

We appreciate security researchers who help keep our users safe. With your permission, we'll acknowledge your contribution in our security advisories and release notes.

Security Measures

This extension implements several security measures:

Data Protection

  • API keys are stored locally in browser storage only
  • No user data is sent to our servers
  • Text processing happens through Google's secure API endpoints
  • No third-party analytics or tracking

Code Security

  • Content Security Policy implementation
  • Input validation and sanitization
  • Secure API communication over HTTPS
  • Regular dependency updates

Privacy

  • No user tracking or analytics collection
  • No data sharing with third parties
  • Open source code for transparency
  • Local storage only for user settings

Best Practices for Users

  • Keep your API key secure and don't share it
  • Only install the extension from official sources
  • Regularly update to the latest version
  • Report any suspicious behavior immediately

For general questions about security, contact: [email protected]

There aren’t any published security advisories