Security: ajstack22/StackMap

Security Policy

πŸ›‘οΈ Our Commitment to Security

StackMap takes the security and privacy of our users seriously. We implement zero-knowledge encryption to ensure that your data remains private and secure.

🔒 Security Features

  • Zero-Knowledge Encryption: All data is encrypted on your device before syncing
  • 32-Character Recovery Phrases: Secure, unique phrases for data recovery
  • No Server-Side Decryption: We cannot read your data, even if asked
  • Open Source: Our code is open for security audits

🚨 Reporting Security Vulnerabilities

Please DO NOT Report Security Issues Publicly

If you discover a security vulnerability, please help us protect our users by following responsible disclosure:

  1. Email us directly: security@stackmap.app
  2. Include details:
    • Type of vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fixes (if any)
  3. Allow us time: We'll respond within 48 hours and work on a fix
  4. Coordinate disclosure: We'll work with you on timing for public disclosure

What We Promise

  • Respond to your report within 48 hours
  • Keep you informed about our progress
  • Credit you for the discovery (unless you prefer to remain anonymous)
  • Not pursue legal action for good-faith security research

πŸ” Scope

In Scope

  • StackMap web application (stackmap.app)
  • StackMap mobile applications (iOS and Android)
  • Sync infrastructure and encryption
  • Authentication and authorization
  • Data storage and transmission

Out of Scope

  • Third-party services we integrate with
  • Physical attacks on user devices
  • Social engineering attacks
  • Denial of Service (DoS) attacks

📋 Security Best Practices for Users

Protect Your Recovery Phrase

  • Never share your 32-character recovery phrase
  • Store it securely offline
  • Don't save it in plain text on your device

Keep Your App Updated

  • Install updates promptly
  • Updates include security patches

Device Security

  • Use device lock screens
  • Keep your device OS updated
  • Be cautious with public WiFi

🔄 Security Updates

Security updates are released as soon as fixes are available. We follow this process:

  1. Critical (exploitable remotely): Patch within 24-48 hours
  2. High (requires user interaction): Patch within 1 week
  3. Medium (limited impact): Patch within 2 weeks
  4. Low (minimal risk): Include in next regular update

📊 Security Audit History

  • Regular internal security reviews
  • Open to community security audits
  • Automated dependency scanning via GitHub

🤝 Acknowledgments

We thank the security researchers who have helped make StackMap more secure:

  • Your name could be here!

📧 Contact


Thank you for helping us keep StackMap secure for everyone.
