If you discover a security vulnerability in GeoStorm, please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

Instead, email scottfrasso@gmail.com with:

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes (if you have them)

You should receive a response within 72 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.

This policy covers the GeoStorm application code in this repository. Third-party dependencies are managed via uv (Python) and pnpm (Node) with lockfiles to pin versions.