Only the latest dev and main branches are currently supported.

We take security seriously. If you discover a vulnerability:

1. DO NOT open a public GitHub issue.
2. Send an email immediately to security@skooly.io.
3. Include:
   • Description of the flaw.
   • Steps to reproduce.
   • Potential impact.

We will acknowledge your email within 48 hours.

• We practice Responsible Disclosure.
• We commit to fixing critical vulnerabilities within 7 days.
• We will properly credit you in the release notes (if you wish).

Since Skooly handles sensitive data (Grades, Payments, Identity), we are extra vigilant on:

• Payment Webhooks: Ensure HMAC signature verification from MTN/Orange.
• Grade Modification: Ensure strict audit logs for any UPDATE on Grade table.
• PII Leakage: No student personal data in logs.