# 🔒 Security Policy

## Supported Versions

| Version | Supported |
|---|---|
| 5.x | ✅ |
| < 5.0 | ❌ |

## Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in FireScan:

1. **Do NOT** create a public GitHub issue
2. Email us at: `security@hackerai.co`
3. Include detailed steps to reproduce
4. Include your contact info for follow-up

You should receive a response within 48 hours. We will keep you informed of the fix progress.

## Responsible Disclosure

We request that you:
- Give us reasonable time to fix the issue
- Make every effort to avoid privacy violations
- Only test targets you own or have written permission to test

## Scope

FireScan is an authorized security testing tool. By design, it:
- Does not contain backdoors or telemetry
- Does not exfiltrate data
- Is fully open source and auditable
- Only scans targets specified by the user

## Safe Usage

FireScan is designed for:
- Authorized penetration testing
- Network security assessments
- Educational purposes
- Bug bounty hunting (with permission)

Always ensure you have explicit permission before scanning any target.