If you discover a security vulnerability in ROBOPO, please report it responsibly via GitHub Security Advisories.

Please do not open a public issue for security vulnerabilities.

• A description of the vulnerability
• Steps to reproduce the issue
• Affected versions
• Any potential impact

• We will acknowledge your report within 7 days.
• We aim to provide a fix or mitigation plan within 30 days, depending on severity.
• You will be notified when the issue is resolved.

The following areas are in scope for security reports:

• Authentication and session management (Better Auth)
• Database access and query injection (Drizzle ORM / Neon Postgres)
• API route handlers
• Server actions and data validation
• Dependency vulnerabilities

• Issues in third-party services (e.g., Neon, Vercel) that are not caused by this project's code
• Denial of service attacks against development environments
• Social engineering