OffMeta takes security seriously. If you discover a security vulnerability, please report it responsibly.

Do NOT report security vulnerabilities through public GitHub issues.

Instead, please email security@offmeta.app with:

1. A description of the vulnerability
2. Steps to reproduce the issue
3. Potential impact of the vulnerability
4. Any suggested fixes (optional)

• Acknowledgment: We will acknowledge receipt of your report within 48 hours
• Assessment: We will investigate and assess the severity of the issue
• Updates: We will keep you informed of our progress
• Resolution: We aim to resolve critical vulnerabilities as quickly as possible
• Credit: With your permission, we will acknowledge your contribution once the issue is resolved

We kindly ask that you:

• Give us reasonable time to address the issue before public disclosure
• Avoid accessing or modifying data that does not belong to you
• Act in good faith to avoid privacy violations and service disruptions
• Do not exploit the vulnerability beyond what is necessary to demonstrate it

This security policy applies to:

• The OffMeta web application
• Associated backend services and APIs
• Any official OffMeta repositories

• Third-party services and integrations
• Social engineering attacks
• Denial of service attacks

Thank you for helping keep OffMeta secure.