We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Please DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please email: security@papr.ai

Include the following in your report:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• We will acknowledge your email within 48 hours
• We will provide an initial assessment within 5 business days
• We will keep you updated on the progress
• We will credit you in the security advisory (unless you prefer to remain anonymous)

• We aim to disclose vulnerabilities within 90 days of the report
• Critical vulnerabilities will be patched and disclosed as soon as possible
• We will coordinate with you on the disclosure timeline

When self-hosting Papr Memory:

• Always use HTTPS in production
• Keep all dependencies up to date
• Use strong passwords for databases
• Regularly backup your data
• Implement rate limiting
• Monitor logs for suspicious activity
• Use firewall rules to restrict access

Thank you for helping keep Papr Memory secure!