Sanity takes security and privacy reports seriously.

For all findings, we ask the researchers to use a structured report similar to OpenSSF's vulnerability_report.md, and send it via email to security@sanity.io.

We will work with the reporting party to fix the findings, and commit to publicly crediting the issues when possible. Maintaining a healthy relationship with the security community is very important for us, and we will strive to be as transparent and communicative as we can be during this process.

Thank you for your help in making Sanity safer to use for everyone!

Sanity does not have a formal bug bounty program at the moment, but we do consider all reports for rewards when the quality and impact is high enough.

Thank you,

For questions or comments on this policy, reach out to security@sanity.io