We take security seriously. This section outlines which versions of Rhythm are currently supported with security updates.

If you discover a security vulnerability in Rhythm, please help us by reporting it responsibly.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report security vulnerabilities by emailing:

• Email: security@rhythmapp.dev
• Subject: [SECURITY] Vulnerability Report - Rhythm

When reporting a security vulnerability, please include:

1. Description: A clear description of the vulnerability
2. Steps to Reproduce: Detailed steps to reproduce the issue
3. Impact: Potential impact and severity of the vulnerability
4. Affected Versions: Which versions are affected
5. Environment: Android version, device information
6. Proof of Concept: If possible, include a proof of concept

1. Acknowledgment: We will acknowledge receipt of your report within 48 hours
2. Investigation: We will investigate the report and determine its validity
3. Updates: We will provide regular updates on our progress (at least weekly)
4. Fix: If valid, we will work on a fix and coordinate disclosure
5. Disclosure: We will publicly disclose the vulnerability after a fix is available

We kindly ask that you:

• Give us reasonable time to fix the issue before public disclosure
• Avoid accessing or modifying user data
• Do not perform DoS attacks or degrade the service
• Do not spam our systems with automated tools

We appreciate security researchers who help keep our users safe. With your permission, we may publicly acknowledge your contribution to our security.

For security-related questions or concerns:

• Email: security@rhythmapp.dev
• Telegram: Rhythm Support Group

Thank you for helping keep Rhythm and its users secure! 🛡️