Security: fleXRPL/iconink

SECURITY.md

Security Policy

Commitment to Security

The IconInk project is committed to providing a secure application for tattoo and piercing professionals to manage client information. Given the sensitive nature of the data handled by this application, we take security very seriously and are dedicated to maintaining high standards of data protection.

Supported Versions

We currently provide security updates for the following versions of IconInk:

Version Supported
1.0.x

Data Privacy

IconInk is designed with a privacy-first approach:

  • All data is stored locally on the device
  • No data is transmitted to external servers or cloud services
  • Optional biometric authentication (Face ID/Touch ID) for app access
  • Optional encryption for sensitive client data

Reporting a Vulnerability

We take all security vulnerabilities seriously. If you believe you've found a security issue in IconInk, please follow these steps:

  1. Do not disclose the vulnerability publicly
  2. Email a detailed description of the issue to security@iconink.app
  3. Include the following information:
    • Type of issue (e.g., buffer overflow, SQL injection, etc.)
    • Full paths of source file(s) related to the issue
    • The location of the affected source code (tag/branch/commit or direct URL)
    • Any special configuration required to reproduce the issue
    • Step-by-step instructions to reproduce the issue
    • Proof-of-concept or exploit code (if possible)
    • Impact of the issue, including how an attacker might exploit it

Response Process

Our security team follows these steps when addressing security reports:

  1. Acknowledge receipt of the vulnerability report within 48 hours
  2. Confirm the vulnerability and determine its impact
  3. Develop and test a fix for the vulnerability
  4. Release a security update
  5. Acknowledge the reporter's contribution (if desired by the reporter)

Security Best Practices for Users

We recommend the following best practices for IconInk users:

  1. Keep your iOS device updated with the latest security patches
  2. Enable biometric authentication for app access
  3. Enable data encryption in the app settings
  4. Set an appropriate auto-lock timeout
  5. Use a strong device passcode

Security Features

IconInk includes several security features:

  1. Local Authentication: Optional Face ID/Touch ID verification
  2. Data Encryption: Optional encryption for sensitive client data
  3. Auto-Lock: Configurable timeout for automatic app locking
  4. Privacy-First Design: No network connectivity for data storage
  5. Secure Storage: Protected file storage for client information

Security Updates

Security updates will be released as needed through the App Store. Users are encouraged to keep their application updated to the latest version.

Security Compliance

IconInk is designed to help studios maintain compliance with various privacy regulations by:

  • Keeping all client data local
  • Providing secure storage options
  • Implementing access controls
  • Maintaining data integrity

Acknowledgments

We would like to thank all security researchers who help make IconInk more secure by responsibly disclosing vulnerabilities.


Last updated: March 26, 2024

There aren’t any published security advisories