Ovumcy handles sensitive health data, and we take security seriously. This policy applies to the public Ovumcy repositories: ovumcy-web, ovumcy-app, and ovumcy-sync-community. If a repository defines its own SECURITY.md, that policy takes precedence for that repository.

Please report security issues privately. Do not open a public GitHub issue for an unpatched vulnerability.

• Email: contact@ovumcy.com
• Subject: SECURITY: <short summary>
• Include: affected repository and version/commit, impact, reproduction steps, affected endpoints/files, and a suggested fix if available

We will acknowledge receipt within 72 hours and provide a remediation plan after triage. Please allow reasonable time for a fix before public disclosure.