Security: apiverve/studio

Security Policy

Supported Versions

Version Supported
0.0.x

Reporting a Vulnerability

We take security seriously at APIVerve. If you discover a security vulnerability in APIVerve Studio, please report it responsibly.

How to Report

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please email us at: security@apiverve.com

Include as much of the following information as possible:

  • Type of vulnerability (e.g., remote code execution, data exposure, etc.)
  • Full paths of source file(s) related to the vulnerability (if known)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if available)
  • Impact of the vulnerability

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours.
  • Communication: We will keep you informed of our progress as we work on a fix.
  • Resolution: We aim to resolve critical vulnerabilities within 7 days.
  • Credit: We're happy to credit you in our release notes (unless you prefer to remain anonymous).

Scope

This security policy applies to:

  • APIVerve Studio desktop application (Windows, macOS, Linux)
  • The official releases distributed through this GitHub repository

Out of Scope

  • Third-party dependencies (please report to the respective maintainers)
  • Social engineering attacks
  • Physical attacks

Security Best Practices

When using APIVerve Studio:

  1. Download from official sources only - Only download from this GitHub repository or studio.apiverve.com
  2. Verify checksums - Check the SHA256 checksums provided with each release
  3. Keep updated - Always use the latest version for security fixes
  4. Secure your data - Your API keys and credentials are stored locally; keep your device secure

Data Privacy

APIVerve Studio is designed with privacy in mind:

  • All data is stored locally on your device by default
  • No telemetry or usage data is collected without your consent
  • Cloud sync is optional and requires explicit sign-in
  • We do not have access to your API keys, requests, or response data

For more information, see our Privacy Policy.

There aren’t any published security advisories