If you discover a security vulnerability in SprintiQ, please report it privately rather than opening a public issue.
Email: support@sprintiq.ai
Please include:
- A description of the vulnerability
- Steps to reproduce
- The affected version (commit SHA or release tag)
- Your suggested severity classification
We aim to acknowledge reports within 72 hours and provide a status update within 7 days.
This security policy applies to the code in this repository. Self-hosted deployments are the operator's responsibility — including environment variable management, Supabase RLS policy configuration, and API key rotation.
The main branch receives security updates. Older tagged releases may not.