Please report security vulnerabilities privately and do not open a public issue.
- Email:
info@emotionmachine.ai - Subject:
with.md security report - Include:
- Affected component/path
- Reproduction steps or proof of concept
- Expected impact/severity
- Any suggested fix (optional)
We will acknowledge receipt as quickly as possible and coordinate remediation and disclosure with you.
This policy applies to this repository and the services/components documented
in README.md:
web/(Next.js app + API routes)convex/(backend functions/schema)hocuspocus-server/(realtime websocket bridge)
We support good-faith security research. Please:
- Avoid privacy violations, data destruction, and service disruption.
- Test only against systems you own or are authorized to test.
- Stop and report immediately if you access sensitive data.