We take security seriously. If you discover a security vulnerability in SnapPass AI, please let us know as soon as possible. Follow these steps to report the issue responsibly:
- Do not publicly disclose the vulnerability or share it with anyone who does not need to know.
- Contact us via the security email listed below. Include a clear description of the issue, steps to reproduce, impact, and any relevant logs or screenshots.
- Allow us time to respond. We will acknowledge receipt of your report within 48 hours and aim to provide a fix or mitigation promptly.
- Coordinate disclosure. Once a fix is released, we will work with you to coordinate a public announcement if desired.
Security contact:
- Email: security@snapass.ai (replace with actual address)
- PGP key (optional for encrypted communication):
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
Please include the following in your report:
- Detailed description of the vulnerability
- Steps to reproduce (including any test files or payloads)
- Expected vs. actual behavior
- Potential impact (e.g., data leakage, unauthorized access)
- Any mitigations you have identified
What you can expect from us:
- We will treat all reports with confidentiality and professionalism.
- We will credit you (if you wish) in any public advisory.
- We will aim to resolve the vulnerability as quickly as possible.
This security policy is part of the SnapPass AI open‑source project. Contributions and feedback are welcome to improve our security posture.