Security & Vulnerability Disclosure

Reporting Security Issues

If you discover a security vulnerability in FeatureVote, please report it responsibly to:

support@featurevote.app

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Proof-of-concept (if applicable)

Our Commitment

We will:

• Acknowledge receipt within 48 hours
• Investigate and provide updates
• Credit researchers (unless you prefer anonymity)
• Not pursue legal action against good-faith security research

Safe Harbor

We support researchers who:

• Report vulnerabilities privately
• Avoid accessing or modifying user data unnecessarily
• Don't disrupt our service
• Give us reasonable time to fix issues

Scope

In scope:

• FeatureVote web application and API
• Slack integration OAuth flow
• Authentication and authorization

Out of scope:

• Third-party services (Supabase, Slack)
• DoS attacks
• Social engineering

Security Practices

• Encryption: AES-256-GCM for sensitive data, TLS for all connections
• Database: Row-level security policies enforce access control
• Authentication: OAuth 2.0 via Supabase Auth
• Infrastructure: Hosted on Supabase and Vercel

Data Privacy

Users can access, delete, and export their data at any time. We comply with GDPR requirements and only collect data necessary for service functionality.

Contact

For all security and privacy inquiries: support@featurevote.app

Last updated: January 12, 2026