We take security seriously. If you discover a security vulnerability, please follow these steps:

• Open a public GitHub issue
• Disclose the vulnerability publicly before it's fixed
• Exploit the vulnerability

1. Email us privately at bkut444@gmail.com with:

   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Any suggested fixes (optional)

2. Allow time for response — We aim to respond within 48 hours

3. Work with us — We'll coordinate the fix and disclosure timeline

1. Acknowledgment — We'll confirm receipt within 48 hours
2. Assessment — We'll evaluate the severity and impact
3. Fix — We'll develop and test a patch
4. Release — We'll release the fix and credit you (if desired)
5. Disclosure — We'll coordinate public disclosure timing with you

This security policy applies to:

• The Trust Center application code
• Docker configurations
• Database schemas and migrations
• API endpoints

• Issues in third-party dependencies (report to them directly)
• Social engineering attacks
• Denial of service attacks

We appreciate security researchers who help keep Trust Center safe. With your permission, we'll acknowledge your contribution in our release notes.

Thank you for helping keep Trust Center and its users safe!