If you discover a security issue in this repository, please email api@audd.io privately. Do not open a public GitHub issue for security reports.

We will acknowledge receipt within 2 business days and coordinate disclosure with you.

• In scope: issues in the OpenAPI spec or fixtures hosted in this repository (e.g., a fixture that leaks production data, a spec entry that documents an unsafe pattern).
• Out of scope: vulnerabilities in the per-language SDKs (file those on the corresponding AudDMusic/audd-<lang> repo) or in the AudD service / API itself (email api@audd.io with subject AudD service: <summary>).

This repository contains specification documents and fixtures only — no production code, secrets, or services.