If you discover a security vulnerability in Office Break, please report it responsibly.

Do not open a public issue.

Instead, please use GitHub's private vulnerability reporting to submit your report. This ensures the issue stays confidential until a fix is available.

Please include:

• A description of the vulnerability
• Steps to reproduce it
• The potential impact
• Any suggested fix (optional)

You can expect an initial response within 7 days. Once the vulnerability is confirmed, a fix will be prioritized and released as soon as possible.

This policy covers the Office Break Android application and its source code. Third-party dependencies are out of scope, but reports about vulnerable dependencies are welcome.