We take security seriously at Jan. If you discover a security vulnerability, please follow these steps:

1. Do not open a public issue
2. Ping us privately on Discord or fill in this form
3. Include steps to reproduce the issue if possible
4. Allow us reasonable time to respond before any public disclosure

• We will acknowledge receipt of your report within 48 hours
• We will provide an estimated timeline for a fix
• We will notify you when the vulnerability is fixed
• We appreciate responsible disclosure and will credit researchers who report valid vulnerabilities

This security policy applies to all repositories under the Jan organization.