This project is an open source Chrome extension and we take its security seriously. If you believe you have found a vulnerability, please follow the guidelines below.
Email details to security@check.com. Please include steps to reproduce, extension version, browser version, and any relevant logs. You may request our PGP key for encrypted communication. Avoid publicly disclosing the issue until we confirm a fix.
- Give us a reasonable amount of time to investigate and resolve the issue before any public disclosure (typically 90 days).
- Do not exploit vulnerabilities beyond what is necessary to confirm their existence.
- Avoid accessing, modifying, or deleting user data without explicit permission.
- Limit testing to accounts and systems you own or have permission to test. When possible, test against a local instance of the extension loaded in developer mode rather than the Chrome Web Store version.

- Acknowledgement: within 48 hours.
- Initial assessment: within 5 business days.
- Resolution target: within 30 days, or we will provide an updated timeline.

- Email: security@check.com
- GitHub Security Advisories: use the repository's "Report a vulnerability" feature.
Thank you for helping keep Check by CyberDrain secure.