Please do not report security vulnerabilities through public GitHub issues.

• Email: snda@hey.com
• Subject: "Security Vulnerability Report"
• Include:
  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 1 week
• Resolution Timeline: Depends on severity
• Credit: Public acknowledgment (if desired)

• Encryption: All data encrypted in transit (HTTPS/TLS)
• Authentication: JWT-based secure authentication
• Database: Encrypted at rest on production
• File Storage: Secure media handling with consent tracking

• GDPR Compliant: User data rights and protection
• Consent Management: Clear consent flows for all data collection
• Data Minimization: Only collect necessary information
• Right to Deletion: Users can request data removal

• Production Hardening: Security headers, CORS, rate limiting
• Environment Isolation: Separate dev/staging/production
• Dependency Scanning: Regular security updates
• Access Control: Principle of least privilege

• Never commit secrets or API keys
• Use environment variables for sensitive data
• Follow secure coding practices
• Test for common vulnerabilities (XSS, CSRF, SQL injection)

• Use strong, unique passwords
• Enable two-factor authentication when available
• Keep your browser updated
• Report suspicious activity

Security is everyone's responsibility. Thank you for helping keep sNDa safe.