We are committed to maintaining the security and integrity of Cal AI. If you discover a security vulnerability, please report it responsibly by emailing security@calai.ai or reaching out to the maintainers.

1. Do not disclose the vulnerability publicly until we've had a chance to investigate and release a patch
2. Provide a clear description of the vulnerability
3. Include steps to reproduce the issue if possible
4. Explain the potential impact of the vulnerability
5. Allow us reasonable time to address the issue before public disclosure

Currently supported versions that receive security updates:

When using Cal AI, please be aware of the following security recommendations:

• Keep your Flutter SDK and dependencies updated
• Use the latest version of the application
• Report any suspicious behavior or potential vulnerabilities
• Enable API key security and never commit sensitive credentials

We aim to:

• Acknowledge receipt of your report within 24 hours
• Investigate and respond within 5 business days
• Release patches for confirmed vulnerabilities as quickly as possible

Thank you for helping keep Cal AI secure!