If you discover a security vulnerability in StudyMap, please report it responsibly by emailing studentsuite0@gmail.com with the following details:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (if you have them)

Do not file a public GitHub issue for security vulnerabilities. We will investigate privately and work with you on a fix.

• Acknowledgment: Within 48 hours
• Investigation: Within 1 week
• Fix and disclosure: Timeline depends on severity and complexity

This security policy covers:

• Data breaches or unauthorized access
• Authentication/authorization bypasses
• Injection or code execution vulnerabilities
• Privilege escalation
• Information disclosure

• Social engineering or phishing
• Physical security
• Denial of service attacks
• Issues in third-party dependencies or services (report to the vendor directly)

Security researchers who responsibly report vulnerabilities help keep StudyMap safe for students. Thank you for your contribution.