# Security Policy ## Reporting a Vulnerability If you discover a security vulnerability in Arc Relay, please report it responsibly. **Email:** security@commacompliance.ai Please include: - Description of the vulnerability - Steps to reproduce - Potential impact - Suggested fix (if any) ## Response Timeline - **48 hours** - We will acknowledge receipt of your report - **7 days** - We will provide an initial assessment and expected fix timeline - **30 days** - We aim to release a fix for confirmed vulnerabilities ## Responsible Disclosure We ask that you: - Do not publicly disclose the vulnerability until we have released a fix - Do not exploit the vulnerability beyond what is necessary to demonstrate it - Do not access or modify other users' data We will credit reporters in the release notes unless you prefer to remain anonymous. ## Supported Versions We provide security updates for the latest minor release only.