Thank you for taking the time to help us improve the security of hexaTuneProto.
If you discover a vulnerability or security issue, we strongly encourage you to disclose it responsibly.
Please report any security issues privately by emailing:
Include the following information if possible:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Any proof-of-concept code or screenshots
- Affected versions or environments
You will receive a response within 3–5 business days.
Optionally, you may encrypt your report using our GPG key (coming soon).
This policy applies to vulnerabilities in:
- Application logic
- Authentication/Authorization
- Data integrity and privacy
- Dependency and supply chain concerns
The following will generally not be considered security issues:
- Missing security headers
- Rate limiting or brute-force protection
- Outdated browser support
Thank you for helping make hexaTuneProto more secure! 🛡️