# 🔐 Security Policy

## Introduction

At Promptbook, we take security seriously. This document outlines our security policy, including how to report vulnerabilities and which versions we actively support with security updates.

## Supported Versions

We maintain security updates for the following Promptbook versions:

| Version  | Supported          |
| -------- | ------------------ |
| Latest   | :white_check_mark: |
| < Latest | :x:                |

Security patches are applied to the most recent major version. We strongly recommend keeping your Promptbook installation updated to the latest version.

## Reporting a Vulnerability

If you discover a security vulnerability in Promptbook, please:

1. **Report privately**: Email us at [security@ptbk.io](mailto:security@ptbk.io)
2. **Include details**: Provide a clear description of the vulnerability and steps to reproduce
3. **Wait for confirmation**: We'll acknowledge your report within 48 hours

Please do not disclose security vulnerabilities publicly until we've had the opportunity to address them.

## Response Timeline

- **Acknowledgment**: Within 48 hours
- **Initial Assessment**: Within 1 week
- **Remediation Plan**: Within 2 weeks
- **Security Patch**: Timeline varies based on complexity

## Disclosure Policy

Once a vulnerability is confirmed and addressed, we work with reporters to coordinate an appropriate disclosure timeline. We appreciate your collaboration in keeping our users secure.

## Security Best Practices

When using Promptbook:

- Keep your installation up to date
- Use strong authentication mechanisms
- Follow the principle of least privilege when configuring access
- Review our documentation for security recommendations