We take security seriously at Voidly. If you discover a security vulnerability in any Voidly repository, please report it responsibly.

Email: security@voidly.ai

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Resolution Timeline: Depends on severity, typically 30-90 days

This policy applies to:

• All repositories in the voidly-ai organization
• The Voidly API (api.voidly.ai)
• Voidly web properties (voidly.ai)

• Social engineering attacks
• Denial of service attacks
• Issues in third-party dependencies (report to upstream)

We will not pursue legal action against researchers who:

• Act in good faith
• Avoid privacy violations
• Do not destroy data
• Report findings promptly

When contributing to Voidly:

• Never commit secrets, API keys, or credentials
• Use environment variables for sensitive configuration
• Review dependencies before adding them
• Report suspicious activity immediately

• Security issues: security@voidly.ai
• General inquiries: research@voidly.ai