Please report suspected vulnerabilities by email: contact@sendmux.ai.

Do not open a public GitHub issue for security reports. Do not paste API keys, passwords, tokens, webhook secrets, customer data, or private account details into GitHub.

Useful reports include:

• The affected repository, package, endpoint, or documentation page.
• The impact and who may be affected.
• Reproduction steps or a proof of concept using test data only.
• Versions, package names, and environment details where relevant.
• Any mitigations you have already applied.

If the report needs sensitive details, say that in the email and we will arrange a safer exchange.

Supported scope covers current public Sendmux repositories, released SDK and tooling packages, and current public documentation.

We will acknowledge security reports by email, investigate the issue, and coordinate remediation and disclosure based on severity and affected users.