| Project | Supported |
|---|---|
@syncupsuite/themes (latest) |
✅ |
webplatform4sync (latest) |
✅ |
| BrandSyncUp (pre-launch) | ✅ |
| LegalSyncUp (pre-launch) | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
To report a security vulnerability, email: security@syncupsuite.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations
You will receive an acknowledgement within 2 business days. We aim to release a fix or mitigation within 30 days for high-severity issues.
In scope:
- All production domains:
syncupsuite.com,brandsyncup.com,legalsyncup.com - Published npm packages:
@syncupsuite/* - Claude Code marketplace plugin:
webplatform4sync
Out of scope:
- Third-party services (Cloudflare, Neon, Firebase, GitHub)
- Social engineering attacks
- Denial of service
We follow coordinated disclosure. We ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Not access or modify data that does not belong to you
- Not perform actions that could degrade service availability
We will credit researchers in release notes unless they request anonymity.