Security: rakinmohammedrafeeq/solvia

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

If you discover a security vulnerability in Solvia, especially related to:

  • Groq API usage or request handling
  • Exposure of API keys (secrets.toml / .env)
  • Rule manipulation or text injection
  • Streamlit environment leaks or improper configuration
  • Unauthorized access to stored rule lists (remove_list.json)
  • Any behavior that may cause data corruption or unintended output

Please DO NOT open a public issue.

Instead, report it privately:

We appreciate your responsible disclosure and will respond promptly.

Response Commitment

  • Acknowledgement within 48 hours
  • Follow-up or fix within 7–10 days, depending on severity

What to Include in Your Report

To help resolve issues efficiently, please include (when possible):

  • Steps to reproduce the vulnerability
  • Expected vs. actual behavior
  • Environment details (OS, browser, Streamlit deployment platform)
  • Relevant logs, screenshots, or sample text
  • Any additional notes that may help debugging

Security Best Practices for Users

To stay secure when using Solvia:

  • Do not expose your Groq API key publicly
  • Use .streamlit/secrets.toml or environment variables
  • Avoid submitting private, confidential, or sensitive text
  • Keep dependencies updated and use secure deployment methods
  • Clear temporary files when running locally

Thank you for helping keep Solvia secure.

There aren't any published security advisories