anipub/SECURITY.md

A simple Anime Watching Site using Nodejs

# 🔒 AniPub Security Policy

Welcome to AniPub’s Security Policy!  
Your safety and privacy are at the core of our mission. We take security seriously, so you can enjoy anime worry-free.

---

## 🛡️ Reporting Vulnerabilities

If you find a security vulnerability or have concerns regarding AniPub’s security:
- **Please DO NOT open a public issue.**
- Email us directly at **abdullahal467bp@gmail.com**
- Include as much detail as possible: what you found, steps to reproduce, potential impact, etc.

We’ll get back to you ASAP! Responsible disclosure helps keep the whole community safe.

---

## 🔐 How We Protect You

- **Password Security:** All passwords are securely hashed before storage—never stored in plain text.
- **Authentication:** JWT-based authentication for user sessions. OAuth support coming soon.
- **Session Management:** Only you can access your account. Inactivity triggers session expiration.
- **Data Transmission:** All data is encrypted using HTTPS.
- **Access Control:** Strict permission checks on all user actions.
- **Regular Updates:** Dependencies and code are reviewed and updated frequently for security.
- **No Sensitive Data Sharing:** We never sell or share your personal data.

---

## 🚨 Responsible Disclosure Rules

- Do not attempt to access or modify accounts or data that does not belong to you.
- Do not run automated or denial-of-service attacks.
- Give us reasonable time to respond before any public disclosure.
- Be respectful and ethical in your actions and communication.

---

## 🛠️ Our Commitment

AniPub is under active development, and new features are being added all the time.
- Security patches are our top priority.
- We will credit responsible reporters (if desired).
- For major vulnerabilities, we may roll out hotfixes and notify users if necessary.

---

## ❤️ Thanks!

Thank you for helping us keep AniPub fun and safe for everyone!  
Your vigilance makes the anime community even stronger.

Stay secure,  
The AniPub Team