If you discover a security vulnerability in Flagit, please do not open a public issue.

Instead, report it responsibly by emailing us directly:

Email: ekeneifunanya@gmail.com

Please include:

• A description of the vulnerability.
• Steps to reproduce it.
• The potential impact.
• Any suggested fixes, if you have them.

• We will acknowledge your report within 48 hours.
• We will provide an initial assessment within 5 business days.
• We will work with you to understand and resolve the issue before any public disclosure.

This policy applies to the Flagit application and its server-side API. Third-party dependencies are outside our direct control, but we will do our best to address known vulnerabilities in our dependency chain.

We appreciate responsible disclosure. Contributors who report valid security issues will be credited (with your permission) in the project's release notes.