If you discover a security vulnerability in Acepe, please report it responsibly.

Do not open a public issue. Instead, email us at sasha.zelts@acepe.dev with:

• A description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will acknowledge your report within 48 hours and aim to release a fix within 7 days for critical issues.

This policy covers the Acepe desktop application and its bundled components. Third-party dependencies are handled through Dependabot and regular audits.