If you discover a security vulnerability in Arc Relay, please report it responsibly.

Email: security@commacompliance.ai

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• 48 hours - We will acknowledge receipt of your report
• 7 days - We will provide an initial assessment and expected fix timeline
• 30 days - We aim to release a fix for confirmed vulnerabilities

We ask that you:

• Do not publicly disclose the vulnerability until we have released a fix
• Do not exploit the vulnerability beyond what is necessary to demonstrate it
• Do not access or modify other users' data

We will credit reporters in the release notes unless you prefer to remain anonymous.

We provide security updates for the latest minor release only.