# Security Policy

## Supported versions

| Version | Supported |
| ------- | --------- |
| 1.x     | ✅        |
| < 1.0   | ❌        |

## Reporting a vulnerability

Please **do not open a public issue** for security reports.

Use GitHub's [private vulnerability reporting](https://github.com/xt0n1-t3ch/Pulse-Claude-Code-Analytics/security/advisories/new) to submit a report.

Include:
- Affected version(s)
- Steps to reproduce
- Impact / attack scenario
- Any suggested remediation

You will receive an acknowledgement within 72 hours. Coordinated disclosure timelines are case-by-case; we aim for fixes within 14 days of confirmation.

## Scope

- Pulse desktop application
- The `pulse-core` Rust crate
- Official release binaries published on GitHub Releases

Out of scope:
- Third-party forks
- Dependencies (report upstream)
- Social engineering against contributors