Please report security issues privately via GitHub's Report a vulnerability button under the Security tab.

We aim to acknowledge new reports within 2 business days and provide a fix or mitigation timeline within 7 days. Please do not open a public issue, discussion, or PR for security problems — we will publish a coordinated advisory once a fix is shipped.

In scope: code in this repository (the HappyHQ documentation and changelog site).

Out of scope: the rendered content on https://happyhq.com itself (use the contact channels there), third-party services this site integrates with, social-engineering attempts, and denial of service.