# Security Policy

Colanode takes security seriously. If you discover a vulnerability, please report it privately and avoid public disclosure until we’ve had a chance to investigate.

## Reporting a vulnerability

- Preferred: Use GitHub Security Advisories for this repository to submit a private report.
- If you cannot use GitHub Security Advisories, contact the maintainers via the email listed on the Colanode GitHub organization profile.

Please include:

- A clear description of the issue and its impact.
- Steps to reproduce (including any relevant configuration).
- A proof of concept, if available.
- Affected components (server, web, desktop, mobile) and versions/commits.

## What to expect

We’ll acknowledge receipt and work on a fix. Coordinated disclosure helps protect users—thank you for reporting responsibly.