Security & Responsible Disclosure
Found a vulnerability? Here's how to report it and what to expect from us.
We take the security of Jinero and our users seriously. If you believe you've found a security vulnerability, please tell us — we welcome good-faith research.
Reporting a vulnerability
Email [email protected] with the subject line "Security". Please include:
- A clear description of the issue and its potential impact.
- Steps to reproduce (proof-of-concept, requests, or screenshots).
- The affected URL, endpoint, or part of the Figma plugin.
Our commitment
- We acknowledge reports within 2 business days.
- We triage, keep you updated, and patch valid issues as quickly as we can.
- We won't pursue legal action against researchers acting in good faith under this policy (no privacy violations, data destruction, or service disruption).
Scope
In scope: the jinero.online web app and API, and the Jinero Figma plugin.
Out of scope: volumetric/DoS attacks, social engineering, spam, automated scanner output without a demonstrated impact, and issues in third-party services we don't operate.
How we handle your data
- All traffic is served over HTTPS.
- Images you process with the in-plugin tools (background remover, image→SVG tracer) are handled transiently: temporary files are automatically deleted within ~60 minutes by a scheduled cleanup job. They are never stored long-term, shared, or used for any other purpose.
- The Figma plugin uses least-privilege network access — it can only communicate with jinero.online.
- We don't collect payment data, and we don't run third-party analytics inside the plugin.
Accreditations
Jinero is an independent project and is not currently accredited to formal standards such as SOC 2, ISO 27001, PCI DSS, HITRUST, or SSAE 18. We follow the standard, pragmatic security practices described above.
See also our Privacy Policy.