Security: hypersec-io/licensing

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly. We take security seriously and will respond promptly.

Email: security@hypersec.io

Please include:

  • A description of the vulnerability
  • The affected component or version
  • Steps to reproduce the issue
  • Proof-of-concept code (if applicable)
  • Your contact information for follow-up

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 5 business days
  • Investigation: We will investigate and keep you informed of our progress
  • Resolution: We will work to resolve confirmed vulnerabilities promptly
  • Disclosure: We will coordinate with you on an appropriate disclosure timeline

Safe Harbour

We will not pursue legal action against security researchers who:

  • Report vulnerabilities in good faith
  • Make reasonable efforts to avoid privacy violations, data destruction, and service disruption
  • Do not access or modify data beyond what is necessary to demonstrate the vulnerability
  • Allow reasonable time for us to address the issue before public disclosure
  • Comply with applicable Australian law

Recognition

With your permission, we will credit you for the discovery of confirmed vulnerabilities. We do not currently offer monetary bounties, but we value and appreciate responsible disclosure.

Out of Scope

The following are generally out of scope:

  • Social engineering or phishing attacks
  • Denial of service (DoS/DDoS) attacks
  • Physical security issues
  • Attacks requiring access to a user's device or account
  • Issues in third-party dependencies (please report these to the relevant maintainer)
  • Theoretical vulnerabilities without proof of exploitability
  • Missing security headers or SSL/TLS configuration issues that are not directly exploitable

Contact

Security reports: security@hypersec.io

For non-security issues, please use the project's issue tracker.
