HeatScribe Security Contact


Last updated: 2026-05-19


HeatScribe welcomes good-faith reports about suspected security vulnerabilities, privacy incidents, or suspicious activity affecting HeatScribe.

At launch, HeatScribe is operated by Andrew Geddes, carrying on business as HeatScribe.

Security reports may be sent to:

  • hello@heatscribe.com

1. What To Report

Please email HeatScribe if you believe you have found:

  • a security vulnerability in the HeatScribe app

  • a security issue on the HeatScribe website

  • a problem with license activation, checkout, or download flows that could expose or misuse user information

  • accidental exposure of diagnostic logs, license information, contact information, report data, images, project files, or client data

  • suspicious license activity, payment activity, impersonation, phishing, or abuse involving HeatScribe

  • a security issue involving an official HeatScribe download, update, or distribution package

2. What To Include

Please include as much of the following as you reasonably can:

  • a short description of the issue

  • the HeatScribe app version, if relevant

  • your macOS version and Mac model, if relevant

  • the affected website page, file, feature, or workflow

  • steps to reproduce the issue

  • screenshots, logs, or proof-of-concept details, if safe to share

  • whether you believe any personal information, inspection data, project data, or client data may be affected

  • your preferred contact email for follow-up

3. Sensitive Information

Do not send passwords, full payment-card details, private keys, client files, inspection images, project files, or other sensitive material unless HeatScribe specifically asks for it.

If a screenshot, log, diagnostic bundle, or proof of concept contains sensitive information, please redact what is not needed to understand the issue.

At launch, HeatScribe does not publish a dedicated PGP key or encrypted reporting channel. If you need to share unusually sensitive information, email first with a high-level description so a safer handling method can be arranged if needed.

4. Good-Faith Testing

When investigating or reporting a security issue, please act in good faith.

Do not:

  • access, modify, delete, or disclose another person's data

  • disrupt HeatScribe services, checkout, licensing, or support systems

  • use social engineering, phishing, or physical attacks

  • run destructive tests

  • publicly disclose an unresolved issue before HeatScribe has had a reasonable chance to review it

  • use a vulnerability to obtain more information than is necessary to demonstrate the issue

HeatScribe does not currently operate a bug bounty program and does not promise payment or compensation for security reports.

5. Response And Handling

HeatScribe will review good-faith security reports and prioritize them based on likely impact, exploitability, affected users, and available mitigation options.

HeatScribe will make reasonable efforts to acknowledge security reports within a few business days, but does not guarantee a fixed response or remediation timeline.

HeatScribe may ask for additional information, provide status updates where practical, and take steps such as fixing the issue, changing documentation, revoking exposed credentials, adjusting license/download flows, or notifying affected users if appropriate.

6. Privacy

Information submitted in a security report will be used to review, investigate, mitigate, and communicate about the reported issue.

HeatScribe's broader handling of personal information is described in the Privacy Policy:

  • https://heatscribe.com/privacy