If you discover a security vulnerability in omo-pulse, please report it responsibly by emailing ezotoff@users.noreply.github.com with the following details:

• Description: Clear explanation of the vulnerability
• Steps to Reproduce: How to trigger the issue
• Affected Version(s): Which version(s) are affected
• Impact: Potential consequences of the vulnerability

We aim to address security reports on a best-effort basis:

• Acknowledgment: Within 48 hours of receipt
• Critical Issues (data exposure, authentication bypass, code injection): Fix targeted within 7 days
• Other Security Issues: Resolution timeline depends on severity and complexity

A security issue is a vulnerability that could compromise:

• Data confidentiality: Unauthorized access to sensitive information
• Data integrity: Unauthorized modification or deletion of data
• Authentication/Authorization: Bypassing login, privilege escalation, or session hijacking
• Code injection: Vulnerabilities allowing injection attacks (SQL injection, command injection, XSS, etc.)
• Cryptographic weaknesses: Improper encryption, weak key generation, or insecure storage

The following are typically not considered security issues and should be reported as standard bugs:

• UI/UX bugs: Visual glitches, layout issues, usability problems
• Feature requests: Requested enhancements or new functionality
• Documentation errors: Typos or unclear documentation
• Performance issues: Slow operations or resource inefficiency
• Standard bugs: Non-security-related functionality issues

Please keep vulnerability details confidential until we've released a fix. Responsible disclosure is appreciated and helps protect users.

Thank you for helping keep omo-pulse secure.