> ## Documentation Index
> Fetch the complete documentation index at: https://docs.granola.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Vulnerability Disclosure Policy

We take our systems’ security seriously, and we value input from the security community. If you’ve discovered a vulnerability, we appreciate your help in disclosing it to us.

# Guidelines

We require that all researchers:

* Make every effort to avoid privacy violations, degradation of our user’s experience, disruption to production systems, and destruction of data during security testing

* Perform research only within the scope set out below

* Use the identified communication channels to disclose vulnerability information to us

* Keep information about any vulnerabilities you’ve discovered confidential between yourself and us until we’ve had 90 days to resolve the issue

# **Safe Harbor**

If you follow these guidelines when reporting an issue to us, we commit to:

* Not pursue or support any legal action related to your research

* Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission)

# **Within scope**

The following services are within the scope of this disclosure program:

* [notes.granola.ai](http://notes.granola.ai "http://notes.granola.ai")

* [api.granola.ai](http://api.granola.ai "http://api.granola.ai")

* [granola.ai](http://granola.ai "http://granola.ai")

# **Outside of scope**

Any services hosted by third-party providers are excluded from the scope. These providers include, but are not limited to:

* Google

* Plain

* Vercel

* Amplitude

* Sentry

# How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms that is within the bounds of this program, please contact us at [**security@granola.so**](mailto:security@granola.so "mailto:security@granola.so") with a detailed description of the vulnerability and steps to reproduce it.