We take security seriously at Voidly. If you discover a security vulnerability in any Voidly repository, please report it responsibly.
Email: security@voidly.ai
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Resolution Timeline: Depends on severity, typically 30-90 days
This policy applies to:
- All repositories in the
voidly-aiorganization - The Voidly API (
api.voidly.ai) - Voidly web properties (
voidly.ai)
- Social engineering attacks
- Denial of service attacks
- Issues in third-party dependencies (report to upstream)
We will not pursue legal action against researchers who:
- Act in good faith
- Avoid privacy violations
- Do not destroy data
- Report findings promptly
When contributing to Voidly:
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Review dependencies before adding them
- Report suspicious activity immediately
- Security issues: security@voidly.ai
- General inquiries: research@voidly.ai