Contact
TL;DR: Email [email protected] for help, [email protected] for vulnerability disclosure (PGP key at /.well-known/security.txt), and [email protected] for media. We are async-only and reply within one business day.
Contacting CookieVault is done by email, routed to the right inbox for your need. We are a small team that answers email personally — there is no live chat or phone line — and we aim to reply within one business day. The three addresses below cover support, security, and press; for code, GitHub is the fastest path.
Choose the right channel
In short: Support for help and billing, security for vulnerabilities, press for media, GitHub for bugs and contributions. Using the right channel gets you a faster, more accurate answer.
| Need | Channel | Typical response |
|---|---|---|
| Installation, billing, account recovery, bugs | [email protected] | 1 business day |
| Security vulnerability disclosure | [email protected] (PGP available) | 1 business day, acknowledged faster |
| Press, interviews, embargoed launches | [email protected] | 1-2 business days |
| Reproducible bugs, feature requests | GitHub Issues | Public discussion |
| Code contributions | GitHub Pull Requests | Reviewed per CONTRIBUTING.md |
Support
In short: [email protected] handles installation, billing, account recovery, and bug reports for both Editor and Guardian, across all six supported browsers.
For anything that is not a security or press matter, [email protected] is the right address. To help us resolve faster, include your browser and version, which extension (Editor or Guardian), and the steps to reproduce. For reproducible issues, a GitHub issue lets the whole community benefit from the answer.
Security disclosure
In short: [email protected], with a PGP key at /.well-known/security.txt. Responsible disclosure: 90-day standard timeline, researcher credit in release notes.
We honor responsible disclosure and credit researchers in the release notes. The machine-readable policy is published per RFC 9116 at /.well-known/security.txt, and the full human-readable policy is on the security page. Please do not open public GitHub issues for security vulnerabilities — email first.
Press and media
In short: [email protected] for interviews and comment. We can speak to the cookie-extension migration landscape and privacy-preserving extension design.
We are happy to comment on the post-EditThisCookie and post-Cookie AutoDelete migration story, the Manifest V3 transition’s effect on privacy extensions, and how zero-knowledge sync is designed.
See also
- Security — full disclosure policy and PGP details
- About — who we are and how we are funded
- Open source — GitHub repositories and contribution guide
- Privacy policy — how we handle the little data we hold
- Pricing — billing and refunds