# Security Policy

When you think you've discovered a security issue, please contact us at hello@photoprism.app.

Your report should at least include the following:

- Version and architecture
- Vulnerability description
- Reproduction steps

We will then try to reproduce it, determine the impact, and get back to you as soon as possible.

Please also report vulnerabilities in third-party applications.

### Responsible Disclosure ###

- Only test for vulnerabilities on your own PhotoPrism instance
- Confirm the vulnerability applies to a supported version
- Share vulnerability details with us first
- Wait for a fix before publicly sharing details