Security Policy
1. Our approach
We use reasonable safeguards to protect the public site and reduce unnecessary transfer of user content. These include encrypted connections, browser security controls, restricted access to non-public project files, dependency review and practical limits for large local file workflows. We review and adjust these measures as the service changes.
2. Browser-side processing
Browser-side processing reduces unnecessary content transfer, but it is not a security guarantee. Your browser still parses selected files and downloads the resources described in the Privacy Policy. Use an updated browser, avoid untrusted or unexpectedly large files, and keep original backups.
3. External resources
The interface may request Google Fonts. Background Remover may request runtime and model assets from the providers identified in the Privacy Policy when used. Those providers receive ordinary connection information needed to deliver the files.
4. Report a vulnerability
Email [email protected] with the subject Security report. Include the affected URL, reproducible steps, impact, browser and operating-system details, and a safe proof of concept. Do not include private drafts, identity documents, credentials, malicious files or sensitive personal data.
5. Responsible testing
Do not access data that is not yours, degrade availability, send excessive traffic, use social engineering, test third-party providers, or publish an unresolved issue before allowing reasonable time for investigation and remediation. This policy does not create a bug-bounty promise or authorize unlawful activity.
6. Scope and response
The current production release at instantwordcount.com is in scope. Reports about unrelated hosting customers, browser vendors, external providers or unsupported copies are outside our control. We review credible reports as promptly as practical; response and remediation time depends on severity and reproducibility.