DEV Community

Say That Sh

We donate 25% of revenue to the EFF (and added a security policy)

Two updates worth sharing from Say That Sh** this week.

25% of revenue goes to the EFF

When we started charging for messages, one thing was clear - if people are trusting us with their money, a meaningful portion should go toward something that matters.

25% of all Say That Sh** revenue is donated quarterly to the Electronic Frontier Foundation. Not a vague "we support digital rights" statement. Actual money, actual receipts, fully transparent.

We built a dedicated giving page with:

  • Live revenue and donation tracking for the current quarter
  • Full donation history with receipt links
  • No fine print - 25% of gross, donated quarterly

The EFF made sense because they fight for the same things this platform is built around - free expression, digital privacy, and keeping the internet open. If you're building something that charges money, consider doing something like this. It's not complicated to set up and it keeps you honest.

Security policy and security.txt

We also added a proper security policy and configured security.txt via Cloudflare. The page covers:

  • How to report vulnerabilities (security@saythat.sh)
  • Response timeline - 72 hours to acknowledge, 7 days for initial assessment, 30 days to fix
  • Clear scope (what's fair game, what's not)
  • Safe harbor for good-faith researchers
  • No bug bounty, but we'll credit you publicly if you want

Every site should have this. If you don't have a security.txt yet, it takes about 10 minutes to set up through Cloudflare and it gives researchers a clear path to reach you instead of just moving on.

As always, we'd love to hear what you think.
