We take security seriously. If you discover a vulnerability, please report it responsibly.

• Email: security@leaflock.app
• Or open a private Security Advisory via GitHub Security.

Please include:

• A description of the issue and potential impact
• Steps to reproduce (proof of concept if possible)
• Affected versions or commit

We will acknowledge receipt within 72 hours and keep you updated on remediation progress.

• LeafLock backend (Go), frontend (Vite/React), deployment scripts and Helm chart
• Excludes third-party dependencies and services

We prefer coordinated disclosure. We will work with you to establish a timeline that protects users while enabling a timely fix and release.