Security Policy

Reporting Security Vulnerabilities

We take the security of Bini seriously. If you believe you have found a security vulnerability, please report it to us as described below.

How to Report

Please include the following information in your report:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact of the vulnerability
• Suggested fix (if any)

What to Expect

• We will acknowledge receipt of your report within 48 hours
• We will provide an initial assessment within 5 business days
• We will keep you informed of our progress
• We will notify you when the vulnerability has been resolved

Responsible Disclosure

We follow responsible disclosure practices. Please:

• Do not publicly disclose the vulnerability until we have addressed it
• Allow us reasonable time to fix the issue before disclosure
• Do not access or modify user data without authorization
• Do not perform any actions that could harm our users or services

Recognition

With your permission, we would like to recognize your contribution to keeping Bini secure. We maintain a security acknowledgments page for researchers who help us improve our security.

Out of Scope

The following are considered out of scope for security reporting:

• Social engineering attacks
• Physical security issues
• Denial of service attacks
• Issues requiring physical access to a user's device
• Issues in third-party applications or services