Security Policy

Responsible Disclosure

At Roamei, we take security seriously. We appreciate security researchers who help us maintain a secure platform by responsibly disclosing vulnerabilities.

How to Report Security Issues

If you discover a security vulnerability, please report it to us at security@roamei.com.

What to Include

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Suggested fix (if any)
  • Your contact information

Our Commitment

  • We will acknowledge receipt within 48 hours
  • We will provide regular updates on the status
  • We will credit researchers in our security advisories
  • We will not take legal action against researchers who follow this policy

Out of Scope

  • Social engineering attacks
  • Physical security issues
  • Third-party services not under our control
  • Denial of service attacks

Security Measures

Our platform implements multiple security layers, including:

  • HTTPS enforcement with HSTS
  • Content Security Policy (CSP)
  • XSS protection headers
  • CSRF protection
  • Rate limiting on sensitive endpoints
  • Admin route protection
  • Regular security audits

Note: This security policy is part of our commitment to maintaining a secure platform. We appreciate your cooperation in helping us protect our users and infrastructure.