Security: PatterAI/Patter

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Patter, please report it responsibly.

Email: security@getpatter.com

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Acknowledgment: within 48 hours
  • Initial assessment: within 7 days
  • Fix timeline: within 90 days (critical issues prioritized)

Scope

We are interested in vulnerabilities related to:

  • Authentication and authorization bypass
  • API key or credential exposure
  • Injection attacks (SQL, command, prompt)
  • SSRF or webhook security issues
  • Telephony abuse (toll fraud, caller ID spoofing)
  • Cross-site scripting (XSS) in the dashboard

Out of Scope

  • Feature requests (use GitHub Issues)
  • General bugs that do not have a security impact
  • Social engineering attacks
  • Denial of service (DoS) attacks

Disclosure

We follow coordinated disclosure. Please do not publicly disclose vulnerabilities until we have released a fix and notified affected users.

There aren't any published security advisories