
Security: grams-dev/ui


.github/SECURITY.md

Grams Security Policy

Security and privacy are foundational pillars at Grams. We are committed to ensuring that our software and services embody these values by safeguarding the confidentiality, integrity, and availability of user data. We also welcome and appreciate the vigilance of our community in identifying and addressing security concerns responsibly.

Personal Security Guidelines

Before diving into the technical aspects, it's essential to highlight some fundamental personal security guidelines:

  • Never Share Sensitive Information: Passwords and mnemonic phrases are your keys to the Grams universe. Sharing these with anyone, even Grams staff, compromises your personal security.

  • Be Wary of Phishing Attacks: Always verify the URLs and email addresses you interact with, especially when they involve entering your credentials.

Reporting Security Vulnerabilities

Identified a security vulnerability in any Grams service or software? Please report it to us immediately. Your cooperation in responsible disclosure enables us to rectify the issue promptly. Here's how you can report:

  1. Email a detailed description of the vulnerability to security@grams.dev, preferably with steps to reproduce the issue.

  2. Our security team will acknowledge receipt and begin the investigation.

  3. We will liaise with you to better understand the scope and impact and to validate your discovery.

  4. On resolving the issue, you'll get due credit for your responsible disclosure, unless you wish to remain anonymous.

Guidelines for Responsible Disclosure

For the well-being of our community, we request you to:

  • Refrain from exploiting or publicly sharing the vulnerability until it's resolved.

  • Avoid affecting the privacy, integrity, or availability of our systems and data.

  • Abstain from harmful activities like denial-of-service attacks.

  • Refrain from accessing, altering, or deleting user data without explicit consent.

  • Comply with all applicable laws and regulations.

Your cooperation helps maintain our security integrity, contributing positively to the Grams ecosystem.

Recognition and Acknowledgment

We value the role of security researchers in fortifying our security posture. Valid reports will earn due acknowledgment, and your name may appear in our security credits with your consent.

Legal Protection

As long as you adhere to these guidelines, Grams will not pursue legal action against you for your responsible security research. However, we do expect good faith and a reasonable window to address the vulnerability before any public disclosure.

Conclusion

Your proactive involvement is invaluable in keeping Grams a secure and trusted platform. For further inquiries, please reach out to security@grams.dev.

There aren’t any published security advisories