Please do not file public GitHub issues for security vulnerabilities.

Email support@roadflare.app with:

• A description of the vulnerability and its potential impact.
• Steps to reproduce (or a proof-of-concept).
• The affected version, commit, or App Store build number if known.

You should receive an acknowledgement within a few days. We'll work with you on a fix and coordinate disclosure timing.

This policy covers the RoadFlare iOS app and the RidestrSDK / RidestrUI Swift Packages in this repository. Vulnerabilities in the underlying Ridestr protocol, Nostr relays, or third-party dependencies should be reported to the relevant upstream project.