Privacy-safe help

Castles support

Most support questions can be handled with a sanitized description and synthetic reproduction. Your mailbox data does not belong in an issue, email, screenshot, recording, or chat transcript.

Never submit private mailbox or OAuth data

Do not submit or attach:

  • email addresses or local parts;
  • message subjects or bodies;
  • complete URLs, message IDs, or headers;
  • OAuth URLs, callback parameters, authorization codes, tokens, or state values;
  • Google client JSON or client secrets;
  • Castles databases, exports, token files, or raw mailbox data.

Setup and general problems

Search existing issues first. A public setup issue may include the Castles version, operating system, sanitized command name, sanitized error text, and reproducible steps that contain no private values.

Open the issue chooser

Detection feedback

Public feedback must use a synthetic reproduction. Replace private wording with equivalent invented wording, use reserved domains such as service.example or example.com, and state expected versus actual behavior. Do not name a real company or propose company-specific rules.

A failing synthetic corpus case is required before a production detection-policy change.

Security vulnerabilities

Do not open a public issue. Use GitHub’s private vulnerability-reporting flow and include only a concise impact description and synthetic reproduction. If private reporting is unavailable, open a minimal public issue asking for a private channel without vulnerability details.

Report a vulnerability privately

Privacy questions

Use the same data-minimization rules above. If a privacy question would require private information, request a private channel without posting that information publicly.