# Security Policy
## Reporting a Vulnerability
If you discover a security vulnerability in slashmail, please report it privately via email:
**mikewassmer@protonmail.com**
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
## Response Time
You can expect an initial response within 72 hours. Fixes for confirmed vulnerabilities will be prioritized and released as soon as possible.
## Scope
This policy covers the slashmail CLI tool itself, including IMAP command construction, TLS handling, and credential management.