Security
Frame Localizer Security Policy
1. Reporting
Security issues should be reported privately through the designated reporting channel.
Please do not disclose vulnerabilities publicly before they are resolved.
2. Scope
- the Frame Localizer plugin
- the hosted backend service
- service-related data handling
3. Out of Scope
- third-party services not operated by Frame Localizer
- external platform vulnerabilities
4. Handling Process
Reported issues are reviewed, prioritized, and addressed based on severity and impact.
We may coordinate disclosure after a fix has been deployed.
5. Submissions
- description of the issue
- reproduction steps
- impact assessment
Only submit information you are authorized to access.
6. Report Form
Use this form as the designated private reporting channel for security issues related to Frame Localizer. Required fields and length limits are enforced server-side, and a lightweight anti-abuse check is applied to submissions.