Privacy-safe help
Castles support
Most support questions can be handled with a sanitized description and synthetic reproduction. Your mailbox data does not belong in an issue, email, screenshot, recording, or chat transcript.
Never submit private mailbox or OAuth data
Do not submit or attach:
- email addresses or local parts;
- message subjects or bodies;
- complete URLs, message IDs, or headers;
- OAuth URLs, callback parameters, authorization codes, tokens, or state values;
- Google client JSON or client secrets;
- Castles databases, exports, token files, or raw mailbox data.
Setup and general problems
Search existing issues first. A public setup issue may include the Castles version, operating system, sanitized command name, sanitized error text, and reproducible steps that contain no private values.
Detection feedback
Public feedback must use a synthetic reproduction. Replace private wording with equivalent invented wording, use reserved domains such as service.example or example.com, and state expected versus actual behavior. Do not name a real company or propose company-specific rules.
A failing synthetic corpus case is required before a production detection-policy change.
Security vulnerabilities
Do not open a public issue. Use GitHub’s private vulnerability-reporting flow and include only a concise impact description and synthetic reproduction. If private reporting is unavailable, open a minimal public issue asking for a private channel without vulnerability details.
Report a vulnerability privately
Privacy questions
Use the same data-minimization rules above. If a privacy question would require private information, request a private channel without posting that information publicly.