This repository has been archived by the owner on May 10, 2024. It is now read-only.

Security: tinykishore/Agri-Inn


SECURITY.md

Security Policy

Reporting Security Issues

We take the security of our open-source web application seriously. If you discover any security vulnerabilities or potential issues that could compromise the confidentiality, integrity, or availability of our application or its users' data, we encourage you to report them to us in a responsible manner.

To report a security issue, please follow these steps:

  1. Do not disclose the issue publicly or to anyone other than the project maintainers initially.

  2. Submit your findings through our official communication channels, such as:

    • Email: tinykishore@icloud.com
    • Private message to one of the project maintainers on our official communication platforms (e.g., GitHub).

  3. Provide detailed information about the vulnerability or issue, including:

    • Description of the issue and the potential impact.
    • Steps to reproduce the vulnerability.
    • Any proof-of-concept code, if applicable.

  4. Our security team will acknowledge your report and respond as quickly as possible, usually within 48 hours. We will work with you to investigate and understand the scope of the issue.

  5. Once the vulnerability is confirmed, we will take appropriate actions to fix the issue, and we will keep you informed about the progress.

  6. After the issue has been resolved, we will publicly acknowledge your responsible disclosure if you wish to be credited. If you prefer to remain anonymous, we will respect your privacy.

Scope

Our security policy covers the core components and infrastructure of the web application that directly impact the security of user data, privacy, and overall application stability. This includes but is not limited to:

  • Authentication and authorization mechanisms
  • Data storage and access controls
  • Input validation and output encoding
  • Session management
  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities
  • Remote code execution or privilege escalation
  • Denial of Service (DoS) attacks

Please note that our security team reserves the right to determine the eligibility of a reported issue and its severity.

Exclusions

The following types of security issues are generally outside the scope of our security policy:

  • Security issues in third-party applications or plugins used by the project but not developed or maintained by us.
  • Issues resulting from misconfigurations in user or client-side software.
  • Vulnerabilities that are too old or already known to us, which we are actively working on or have planned fixes for.
  • Issues related to spam, social engineering, or other forms of non-technical attacks.
  • Theoretical security issues without any practical demonstration of exploitation.

Safe Harbor

We are committed to not taking any legal action against you or pursuing any civil or criminal case related to the responsible disclosure of security vulnerabilities. As long as you comply with the above guidelines and act in good faith, we will consider your actions as part of our Safe Harbor policy.

Our Efforts

Our team is dedicated to providing a secure and reliable web application for our users. We continuously work on improving our security practices, conducting regular code reviews, and employing various security testing techniques to ensure the safety of our users and their data.

Your collaboration and responsible disclosure will help us maintain a strong security posture, and we sincerely appreciate your efforts in making our project safer for everyone.

This security policy is adapted from and based on the Open Source Template by Parastoo Torkaman and is licensed under CC BY-SA 4.0.

There aren’t any published security advisories