# Security Policy ## Reporting a Vulnerability If you believe you have found a security vulnerability in this SDK or in the SharpAPI service, please report it privately to: **[email protected]** (subject line: `[SECURITY] `) Please do not open a public GitHub issue for security reports. We will acknowledge receipt within 72 hours and aim to provide a status update within 7 days. If the issue is confirmed, we will work with you on disclosure timing. ## Scope In scope: - This SDK package and its published artifact on PyPI - The SharpAPI HTTP and WebSocket APIs (`api.sharpapi.io`, `ws.sharpapi.io`) Out of scope: - Findings in third-party dependencies (please report those upstream) - Denial of service via brute-force or volumetric attacks against the API - Issues that require physical access to a user's device