Security Policy

How we handle security and vulnerability disclosures.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it by emailing the maintainer directly on security at as93 dot net.

Security Practices

  • All connections are fully encrypted (HTTPS/TLS)
  • Your data is encrypted locally or with keys only you control
  • We follow the principle of least privilege — only what’s needed has access
  • We use strong security headers and proven, modern encryption
  • We never trust or expose unvalidated data
  • Secrets are securely stored and never committed to code
  • All code is open source and regularly reviewed
  • Dependencies are audited and kept up to date
  • We log safely — no personal or sensitive data is ever recorded
  • We respond quickly to any reported security issues

Supported Versions

We support security updates for the latest release only. Self-hosted instances should update regularly.

Response Time

We aim to acknowledge security reports within 48 hours and provide updates on resolution progress.