This policy applies to all repositories in the accelerate-data organization.
If you discover a security vulnerability, report it responsibly:
- Do not open a public issue.
- Email security@acceleratedata.ai, or use GitHub's private vulnerability reporting feature on the affected repository.
- Include steps to reproduce, affected components, and potential impact.
- Acknowledge: Within 48 hours of receiving the report.
- Triage: Assess severity and assign a fix owner within 7 days.
- Remediate: Ship a fix within 30 days for critical and high-severity issues.
We will coordinate disclosure with the reporter and credit them unless they prefer anonymity.
This policy covers all source code, infrastructure configuration, and published artifacts under the accelerate-data GitHub organization.
We will not pursue legal action against researchers who follow this policy and act in good faith.