Skip to content
The world does revolve around you.

Contact#

How to reach a human, by what you need.

At a glance#

If you need ... Email Expect a reply
Help installing or using Ostler [email protected] Within 2 working days
To report a bug [email protected] Within 2 working days; faster if reproducible
To suggest a feature [email protected] We read everything; we do not promise to ship everything
To privately disclose a security issue [email protected] Acknowledgement within 1 working day
Press, partnerships, or anything commercial See the marketing site Varies

Getting help#

Before you email#

You will get a faster, more useful answer if you have already tried:

  1. The Troubleshooting page – most install and runtime issues are listed there with copy-paste fixes.
  2. The FAQ – non-technical questions about hardware, privacy, and pricing.
  3. The Hub's built-in diagnostic dashboard. Browse to:
http://localhost:8089/doctor

Note any failing checks – the URL of the diagnostic dashboard, and a description of what is red, are useful things to include in the email.

What to include#

When emailing [email protected], the most helpful messages contain:

  • A short description of what you were doing when the problem appeared.
  • What you expected to happen.
  • What actually happened (an error message verbatim is gold).
  • The state of the diagnostic dashboard at http://localhost:8089/doctor if the Hub is running.
  • Your macOS version (sw_vers -productVersion) and Mac model (Apple menu > About This Mac).
  • The Hub version (visible on the diagnostic dashboard).

We do not need – and prefer you not to send – screenshots that include the contents of your messages, contacts, or calendar. Personal data does not help us debug.

Response times#

  • General questions and help requests – we aim to reply within 2 working days. Hong Kong office hours.
  • Reproducible bug reports – we triage daily. Severe bugs (data loss, security) get priority.
  • Security disclosures – acknowledged within 1 working day. See below for the disclosure flow.

Reporting a bug#

Send the contents of the "What to include" list above to [email protected]. For bugs you can reproduce reliably, a short list of steps to reproduce makes everything faster.

We will reply with one of:

  • "Reproduced – tracking it" with a reference number.
  • A request for more information.
  • "Working as designed, here is why" with a link to the relevant docs.

Bugs that affect a lot of people land in the Changelog once fixed.

Suggesting a feature#

We read every feature request. We do not commit to building everything – the bar is high because the product surface is intentionally narrow. Useful suggestions:

  • Describe the problem you are trying to solve, not a specific implementation.
  • Tell us how often you hit it.
  • Tell us what you do today to work around it.

Reporting a security issue#

Do not open a public discussion or post a security finding on social media. Email [email protected].

What to send#

  • A clear description of the issue.
  • Steps to reproduce, if you have them.
  • The Hub or iOS app version where you found it.
  • Your preferred response email and (optionally) a PGP fingerprint if you want to encrypt.

Our PGP key#

If you need to send sensitive material encrypted, email us first and we will agree a secure channel. The PGP public key for [email protected] is published at /security.asc.

What we will do#

  1. Acknowledge your email within 1 working day.
  2. Validate the issue and give you a rough triage within 5 working days.
  3. Keep you in the loop as we work on a fix.
  4. Publish a security advisory on this site once the fix is shipped, crediting you (or keeping you anonymous, your choice).

Scope#

In scope:

  • The Hub installer and Hub services.
  • The Ostler iOS app.
  • The official Safari and Chrome browser extensions.
  • The local API and any pairing or trust mechanism between Hub and the iOS app.

Out of scope:

  • Vulnerabilities in third-party dependencies that have already been disclosed and have a public CVE (Common Vulnerabilities and Exposures) entry – please report those upstream.
  • Issues that require physical access to an unlocked Mac (your local OS security is not in our threat model).
  • Social-engineering scenarios that target the user rather than the product.

We do not currently run a paid bounty programme. We do credit researchers in advisories.

What we will not do#

We will not:

  • Reset, recover, or extract your encrypted data. By design, we cannot. See the FAQ.
  • Ask you for your passphrase, recovery key, Apple ID password, or any other credential. Anyone claiming to do so on our behalf is not us.
  • Phone you. We are an email-first support team.

Press, partnerships, hiring#

For press enquiries, partnerships, or hiring see the About page on the marketing site.