ShieldCV supports the current main branch.

Please report security issues to security@shieldcv.app.

Best effort response time is within 72 hours.

Please include:

• A description of the issue
• Steps to reproduce
• Affected files, routes, or packages if known
• Any proof of concept or logs that help explain impact

This policy covers:

• The ShieldCV web application
• All packages in this monorepo
• Deployment and security configuration that ships with the repository

This project does not offer a bug bounty program.

Issues caused solely by:

• A compromised local operating system
• Malicious browser extensions
• User-selected weak passphrases
• Third-party services outside this repository

may still be useful to report, but they are outside the core application security boundary.