This policy covers the projects maintained by Wend HQ — currently Wend.

Wend is in early development (pre-1.0) and runs locally only: it listens on 127.0.0.1 and exposes no public network surface. There are no accounts, authentication, or remote data yet.

Please report security issues privately — don't open a public issue.

Use GitHub's private reporting: open the repository's Security tab → Report a vulnerability. That creates a private advisory only the maintainers can see.

We're a two-person student project, so we can't promise enterprise response times, but we take security seriously — we aim to acknowledge a report within a few days and work with you on a fix.

Thank you for helping keep Wend safe.