Last updated: 2026-05-05
Pidgin appreciates security researchers who help us keep our users safe. This page describes our coordinated disclosure process.
In scope:
Out of scope:
Email security@pidgin.sh with:
We aspire to acknowledge reports within 7 days and will keep you updated as we work on a fix.
If you act in good faith, comply with this policy, and avoid privacy violations and service disruption, Pidgin will not pursue legal action against you for your research. We will work with you to understand the issue and resolve it.
Pidgin does not currently offer monetary rewards. We will credit researchers who help us fix issues, with their permission.