Thank you for helping secure the IO Beats ecosystem 💙

This policy applies to the iobeats-player repository (frontend player, Next.js/React, Node.js dependencies).

• Use GitHub’s Private vulnerability reporting in the Security tab.
• Or email us at security@iobeats.com.
• Include: impact, reproduction steps, affected components, environment (browser/node version).

• We acknowledge within 72 hours.
• We triage and prioritize within 7 days.
• Fix/mitigation timelines depend on severity.
• Coordinated disclosure preferred — we’ll credit you if desired.

• DDoS, social engineering, phishing.
• Non-security bugs (submit a regular issue).
• Browser-specific quirks outside supported versions.

No legal action for good-faith research that respects this policy.

Researchers credited after patch & coordinated release.