Security: Ciprian-LocalPulse/Sovereign-Operator-Stack

SECURITY POLICY

Supported Systems

This security policy applies to all repositories and systems operated under:

Xolo Go OÜ — Ciprian-Stefan Plesca
Registry: 14717109 · EU VAT: EE102156920 · Estonia


Reporting a Vulnerability

If you have identified a security vulnerability in any system under this practice, we ask that you follow responsible disclosure principles.

Contact

Email: contact@localpulse.pro
Subject line: [SECURITY] Brief description — do not include full technical details in subject

What to Include

- System/repository affected
- Description of the vulnerability class
- Steps to reproduce (if applicable)
- Potential impact assessment
- Your contact details for follow-up

What to Expect

| Timeline | Action |
|---|---|
| Within 48 hours | Acknowledgement of your report |
| Within 5 business days | Initial assessment and severity classification |
| Within 14 days (Critical/High) | Remediation plan communicated |
| Within 30 days (Medium/Low) | Remediation timeline communicated |
| Post-remediation | Credit offered (if desired) |

Disclosure Policy

Please do not:

  • Publicly disclose the vulnerability before a fix is available
  • Use the vulnerability for any purpose beyond demonstrating it exists
  • Access, modify, or delete data that does not belong to you

We commit to:

  • Respond to all valid reports within 48 business hours
  • Not pursue legal action against good-faith security researchers
  • Provide credit for valid disclosures (if the researcher wishes)
  • Disclose the vulnerability publicly once remediated

Scope

In scope:

  • All public repositories under this GitHub profile
  • localpulse.pro and associated infrastructure
  • Any system explicitly listed as in-scope

Out of scope:

  • Social engineering attacks against the operator
  • Physical security
  • Denial of service attacks
  • Issues in third-party dependencies (report to the dependency maintainer)

Severity Classification

We use the CVSS 3.1 scoring system for severity classification:

| Severity | CVSS Score | Target Remediation |
|---|---|---|
| Critical | 9.0 – 10.0 | 7 days |
| High | 7.0 – 8.9 | 30 days |
| Medium | 4.0 – 6.9 | 90 days |
| Low | 0.1 – 3.9 | Next scheduled release |

This security policy is maintained under the engineering doctrine of Ciprian Stefan Plesca / Xolo Go OÜ.
Last reviewed: 2025

There aren’t any published security advisories