If you discover a security vulnerability in Pipali, please report it via GitHub Security Advisories.

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact

We will acknowledge your report within 72 hours and aim to provide a fix timeline within 2 weeks.

This policy applies to the Pipali open-source application. For issues related to the Pipali Platform service, please report via the same channel.

We ask that you do not publicly disclose the vulnerability until we have had a chance to address it. We are committed to working with security researchers and will credit you in our release notes (unless you prefer to remain anonymous).