Security: DrDroidLab/voicesummary

SECURITY.md

🔒 Security Policy

Reporting a Vulnerability

We take security seriously and appreciate your efforts to responsibly disclose any vulnerabilities you find.

How to Report

  1. DO NOT create a public GitHub issue for security vulnerabilities
  2. DO email security details to: dipesh@drdroid.io
  3. DO include "SECURITY VULNERABILITY" in the subject line
  4. DO provide detailed information about the vulnerability

What to Include

Please include the following information in your report:

  • Description: Clear description of the vulnerability
  • Steps to Reproduce: Detailed steps to reproduce the issue
  • Impact: Potential impact of the vulnerability
  • Suggested Fix: If you have suggestions for fixing the issue
  • Environment: OS, Python/Node.js versions, etc.

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 1 week
  • Resolution: Depends on complexity, typically 2-4 weeks

Responsible Disclosure

We follow responsible disclosure practices:

  1. Private Investigation: We'll investigate the report privately
  2. Fix Development: We'll develop a fix without public disclosure
  3. Coordinated Release: We'll coordinate the release of the fix
  4. Public Disclosure: We'll publicly acknowledge the fix

Security Best Practices

When using Voice Summary:

  1. Environment Variables: Never commit API keys or sensitive data
  2. Database Security: Use strong passwords and restrict access
  3. Network Security: Use HTTPS in production
  4. Regular Updates: Keep dependencies updated
  5. Access Control: Implement proper authentication and authorization

Security Features

Voice Summary includes several security features:

  • Input Validation: All API inputs are validated
  • SQL Injection Protection: Uses parameterized queries
  • CORS Protection: Configurable CORS settings
  • Rate Limiting: Built-in rate limiting capabilities
  • Audit Logging: Comprehensive logging for security events

Contact

For security-related questions or concerns:

  • Email: dipesh@drdroid.io
  • Subject: Include "SECURITY" in the subject line
  • Response Time: Within 48 hours

Thank you for helping keep Voice Summary secure! 🔒

There aren’t any published security advisories