Security: Signet-AI/signetai

SECURITY.md

Security Policy

We love responsible reports of (potential) security issues in SignetAI.

You can contact us at nicholai@signetai.sh.

Provide as much information as possible, including reproduction steps for the identified vulnerability if you have them. Also include in your report the specific URL of the project and the code in which you found the issue.

Vulnerability Handling Process

  • Acknowledgement: We aim to acknowledge receipt of your report within 3–5 business days.
  • Triage: We will review the report, assess impact and severity, and determine the affected components and versions.
  • Remediation: For valid reports, we will work on a fix and prepare a release or patch. Timelines depend on the complexity and impact of the issue.
  • Communication: We will keep you reasonably informed of our progress and may request additional information if needed.

Disclosure & Advisories

We prefer coordinated disclosure. Once a fix is available, we will agree with you on a reasonable disclosure timeline that minimizes risk for users while recognizing your contribution.

When appropriate, we will:

  • Publish a security advisory and/or release notes describing the vulnerability, affected versions, and mitigation steps.
  • Credit you as the reporter, if you wish, while respecting any request for anonymity.

Please do not publicly disclose details of an unpatched vulnerability without prior coordination with us.
