# Security Policy

This security policy outlines how security vulnerabilities should be reported and handled for Typebot. We take security seriously and appreciate the community's efforts in helping maintain a secure project.

## Report a vulnerability

If you discover a security vulnerability in Typebot, please report it through the Security tab in our GitHub repository. This ensures that your report is handled confidentially until a fix is available.

1. Navigate to the Typebot GitHub repository
2. Head over to the [Security tab](https://github.com/baptisteArno/typebot.io/security) in the GitHub repository.
3. Click on "Report a vulnerability"
4. Provide a detailed description of the vulnerability. This should include:
   - A clear description of the vulnerability
   - Steps to reproduce the issue
   - Potential impact of the vulnerability
   - Any suggestions for mitigation or fixes (if available)

We aim to acknowledge all vulnerability reports within 48 hours of submission.

## Disclosure Policy

We follow a coordinated disclosure process:

- The vulnerability is kept confidential until a fix is available
- Once a fix is implemented, we will release an update
- After users have had reasonable time to update, details of the vulnerability may be publicly disclosed

## Security Best Practices for Self-hosters

- Keep your Typebot installation updated to the latest version
- Follow security best practices for any infrastructure hosting Typebot
- Regularly review your chatbot configurations for potential security issues