Security Policy
Reporting a Vulnerability
If you discover a security vulnerability in sparQ, please report it responsibly.
Do NOT file a public GitHub issue for security vulnerabilities.
Instead, email: dev@remarqable.io
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)
Response Timeline
- Acknowledgment: Within 48 hours of receipt
- Initial assessment: Within 5 business days
- Fix or mitigation: Varies by severity —
- Critical: 72 hours
- High: 1 week
- Medium/Low: Next scheduled release
Scope
This policy applies to:
- The sparQ application
- sparQOne hosted services (*.sparqone.com)
- The getsparq installation script
Recognition
We appreciate responsible disclosure and will credit reporters (with permission) in release notes when vulnerabilities are addressed.