Security: AutoCookies/pomaidb

SECURITY.md

Thank you for helping keep PomaiDB safe and secure for everyone — especially users running it on personal devices, phones, Raspberry Pi, IoT boards, and other edge hardware where privacy and data integrity matter most.

PomaiDB is an embedded, single-process vector database with no network server by default, which already significantly reduces the attack surface compared to traditional database servers. However, we take security seriously at every level.

Reporting a Vulnerability

We greatly appreciate responsible disclosure.

If you believe you have discovered a security vulnerability in PomaiDB, please do not open a public GitHub issue or discuss it publicly until it has been resolved.

Instead, please report it privately to us using one of the following channels:

  • Preferred: Email → pomai.contact@gmail.com
    Subject line recommendation: [SECURITY] Vulnerability in PomaiDB vX.Y.Z

  • Alternative: Private message to @AutoCookies on GitHub (if you have a GitHub account)

Please include as much of the following information as possible:

  • Description of the vulnerability (what it is, how it can be triggered)
  • Affected versions (e.g. v1.3.0, main branch commit hash)
  • Steps to reproduce (code snippet, input data, environment details)
  • Potential impact (data leak, crash, code)

There aren’t any published security advisories