| Version | Supported |
|---|---|
| 0.1.x | ✅ Yes |

If you discover a security vulnerability in ferpa-haystack, please report it responsibly:

Do not open a public GitHub issue for security vulnerabilities.

Instead, email ranaashu2321@gmail.com with the subject line `[SECURITY] ferpa-haystack vulnerability`.

Include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact (especially any FERPA compliance implications)
- Suggested fix (if known)

You will receive an acknowledgement within 48 hours and a resolution timeline within 7 days.

ferpa-haystack enforces FERPA (34 CFR § 99) access control at the Haystack retrieval layer. Security reports related to filter bypass, metadata spoofing, or identity impersonation are treated as critical priority.