Please DO NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to: security@codepause.dev

Please include:

• Type of vulnerability
• Full paths of source file(s) related to the vulnerability
• Location of the affected source code (tag/branch/commit/URL)
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue

• We will acknowledge receipt within 48 hours
• We will send a more detailed response within 7 days
• We will keep you informed of progress toward a fix
• We may ask for additional information or guidance

• Security vulnerabilities will be disclosed after a fix is released
• We aim to release fixes within 30 days of confirmed report
• You will be credited for the discovery (unless you prefer to remain anonymous)

CodePause follows these security practices:

• All data stored locally (no external servers)
• No network requests except telemetry (opt-in)
• File paths can be anonymized
• No sensitive data collected
• Regular dependency updates
• CodeQL security scanning on all commits

We recognize security researchers who help keep CodePause secure:

Thank you for helping keep CodePause and its users safe!