Radbrow Vulnerability Disclosure Policy

Last updated: 2026-07-04

Radbrow is a web browser for iOS built on an alternative (non-WebKit) browser engine. We take the security of the people who use it seriously, and we welcome reports from security researchers and other third parties. This policy explains how to report a vulnerability to us and what you can expect in return.

Scope

This policy covers the Radbrow browser application, its browser engine, and the services that directly support them. Reports about third-party services we do not operate are out of scope, though we are grateful to be told about them.

How to report

Email [email protected].

Please include enough detail for us to reproduce and assess the issue:

If you need to share sensitive material, say so in your first email and we will arrange a secure channel.

What you can expect from us

Our commitments

Safe harbour

If you make a good-faith effort to comply with this policy while researching and reporting a vulnerability, we will not pursue or support legal action against you for that research. Please avoid privacy violations, degradation of service, and destruction or exfiltration of data beyond the minimum necessary to demonstrate a vulnerability, and give us a reasonable opportunity to resolve the issue before disclosing it publicly.

Contact

Security reports: [email protected]