C.O.R.E (Contextual Observation & Recall Engine) takes security seriously. We are committed to protecting user data and maintaining the highest security standards for our memory graph platform.

We currently support the following versions with security updates:

We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please follow these steps:

📧 Email: harshith@poozle.dev

Please include the following information in your report:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Potential impact and severity assessment
• Any suggested mitigation or fix (if available)
• Your contact information for follow-up

1. Acknowledgment: We will acknowledge receipt of your report within 48 hours
2. Initial Assessment: We will provide an initial assessment within 5 business days
3. Investigation: We will investigate and work on a fix
4. Resolution: We will notify you when the issue is resolved
5. Credit: With your permission, we will credit you in our security advisories

• Do not publicly disclose the vulnerability until we have had a chance to address it
• Do not access or modify user data without explicit permission
• Do not perform testing that could impact service availability
• Report the vulnerability as soon as possible after discovery

• Use strong, unique passwords for your account
• Enable two-factor authentication when available
• Review connected applications and integrations regularly
• Report suspicious activity immediately
• Keep your API keys and access tokens secure

• Follow our Security Hardening Guide
• Use HTTPS/TLS for all communications
• Regularly update dependencies and base images
• Implement proper backup and disaster recovery procedures
• Monitor logs for suspicious activity
• Use strong authentication mechanisms
• Secure your database and Redis instances
• Implement network security controls (firewalls, VPNs)

• In Transit: All data is encrypted using TLS 1.3
• At Rest: Sensitive data including tokens are encrypted using AES-256
• Database: Personal access tokens are stored with cryptographic hashing

• User data is retained according to our privacy policy
• Users can request data deletion at any time
• Deleted data is permanently removed from our systems within 30 days

• Role-based access control (RBAC) for all system components
• Principle of least privilege for all user and system accounts
• Regular access reviews and deprovisioning procedures

• OAuth 2.0 integration (Google)
• Magic link authentication for passwordless login
• Personal Access Tokens for API access
• Workspace-based isolation and access controls

• Regular security updates and patch management
• Network segmentation and access controls
• Monitoring and alerting for security events
• Regular security assessments and code reviews

We are working toward compliance with:

• SOC 2 Type II - Information security management
• GDPR - Data protection and privacy rights
• CCPA - California consumer privacy rights

Security updates will be:

• Released as soon as possible after discovery and resolution
• Announced through our official channels
• Documented in our changelog with appropriate severity levels

For security-related inquiries:

• Security Team: harshith@poozle.dev
• General Support: Discord Community

We are currently evaluating the implementation of a formal bug bounty program. In the meantime, we encourage responsible disclosure and may offer recognition for significant security contributions.

Last Updated: January 2025 Version: 1.0