Security Policy

Rogue Chat is committed to protecting user data and operating the service responsibly. This Security Policy explains how to report security issues and summarizes the security practices we use for the service.

If you believe you have found a vulnerability in Rogue Chat, email support@roguechat.ai with the subject line "Security report". Include a clear description, steps to reproduce the issue, any relevant screenshots or logs, and your contact information for follow-up.

Please do not publicly disclose a vulnerability before we have had a reasonable opportunity to investigate and address it. Please do not access, modify, delete, or exfiltrate data that does not belong to you.

We welcome good-faith security reports. Good-faith testing should be limited to your own account and should avoid privacy violations, service disruption, spam, social engineering, physical attacks, denial-of-service testing, or attempts to access another user account or data.

At this time, Rogue Chat does not offer a paid bug bounty program. We may acknowledge helpful reports at our discretion if you want credit.

Rogue Chat uses TLS for data in transit, trusted authentication providers for account access, signed webhook verification for webhook traffic, access controls for production systems, and operational logging for reliability and abuse prevention.

We collect only the account and messaging data needed to provide and operate the service, and we use service providers such as Clerk, Meta/WhatsApp, OpenAI, AWS, Supabase, and Vercel to deliver the product.

Keep your Google, WhatsApp, and other connected accounts secure. Use strong authentication, enable multi-factor authentication where available, and do not share authorized sessions or account access.

If you believe your Rogue Chat account or a connected account has been compromised, contact support@roguechat.ai promptly.

We may update this Security Policy as the service changes. When we do, we will update the date at the top of this page.