We actively support and provide security updates for the following versions:

We take security vulnerabilities seriously. If you discover a security vulnerability in ORaffle, please follow these steps:

1. Do NOT create a public GitHub issue for security vulnerabilities
2. Contact us privately through one of these methods:
   • Create a private security advisory on GitHub
   • Send an email to the maintainer via GitHub profile
   • Open a draft security advisory at: https://github.com/WidgetSuite/oraffle/security/advisories

When reporting a vulnerability, please include:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Suggested fix (if you have one)
• Your contact information for follow-up

• Initial Response: Within 48 hours of report
• Assessment: Within 7 days we'll provide an initial assessment
• Fix Timeline: Critical issues will be addressed within 14 days
• Disclosure: We'll coordinate with you on responsible disclosure

ORaffle is designed with privacy in mind:

• Local Storage Only: All quiz data is stored locally
• No External Data: The app doesn't send personal data to external servers
• File Processing: Uploaded images are processed locally in the browser

Users should be aware of these areas:

• Local Storage: Data persistence uses browser localStorage, which can be accessed by other scripts on the same domain

• Keep your browser updated to the latest version
• Regularly clear browser storage if sharing devices
• Only use the official deployment or build from source

This security policy applies to:

• The main ORaffle application
• Official deployments and releases
• Dependencies and third-party integrations

We regularly monitor our dependencies for security vulnerabilities:

• Flutter Framework: Updated to stable releases
• Dart Packages: Monitored via flutter pub audit

Security updates will be:

• Released as patch versions (e.g., 1.1.2)
• Documented in the CHANGELOG.md
• Announced in GitHub releases
• Tagged with security labels when applicable

For security-related questions or concerns:

• Security Issues: Use GitHub Security Advisories
• General Questions: Create a GitHub Discussion
• Maintainer: @WidgetSuite

Thank you for helping keep ORaffle secure!