If you discover a security vulnerability in Socialmesh, please report it privately.
Do not open a public GitHub issue for security vulnerabilities.
Email: security@socialmesh.app
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
We will acknowledge receipt within 48 hours and provide updates on our investigation.
This policy covers the Socialmesh mobile application source code in this repository.
Backend services, cloud infrastructure, and APIs are out of scope for this repository's security policy.
We do not currently offer a bug bounty program. We appreciate responsible disclosure and will credit reporters in release notes (with permission).