Security: kvskoker/FIXAM

SECURITY.md

Security Policy

As a platform that manages public infrastructure reports and citizen data, security and data privacy are top priorities for FIXAM.

Supported Versions

Currently, the primary (main/master) branch is actively supported with security updates.

Reporting a Vulnerability

If you discover a potential security vulnerability in FIXAM, please do not disclose it publicly. Our community and our users rely on the responsible disclosure of vulnerabilities.

Please report the vulnerability by creating a private and confidential report or emailing the core maintainers directly.

In your report, please include:

  • A description of the vulnerability.
  • Detailed steps to reproduce the issue.
  • Any potential impact or risk to user data or system integrity.

We will acknowledge receipt of your report promptly and will work to triage and address the issue as quickly as possible. Once the vulnerability is resolved, we will publish a release containing the fix and acknowledge your contribution if desired.

Data Privacy

FIXAM limits the collection of Personally Identifiable Information (PII) to what is strictly necessary to acknowledge issues and send status updates. The local AI engine (Whisper, NudeNet) processes data on the local system where possible, so that sensitive data is not shared with third parties without consent. Access control and database security measures are employed. Please ensure you do not commit any live credentials to the final repository.

There aren’t any published security advisories