If you discover a security vulnerability in DisplayPresets, please report it responsibly.

Do not open a public issue. Instead, use one of the following:

• GitHub Security Advisories (preferred)
• Contact the maintainer directly through the email on their GitHub profile

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix or mitigation: Depends on severity, but we aim for 30 days

This policy covers:

• The Python backend (display_presets/)
• The Electron frontend (electron-app/)
• The HTTP server that bridges Electron to Python (localhost only)
• Registry and filesystem operations

• The Python HTTP server binds to 127.0.0.1 only and is not exposed to the network.
• The app uses Windows Display Configuration API via ctypes with no elevated privileges by default.
• All user data is stored locally in %APPDATA%\DisplayPresets\.