# Security Policy

OpenSRE is designed for security-sensitive compute environments. We prioritize transparency, least privilege, and minimizing data exposure.

## Trust Center

For our security posture, architecture overview, compliance information, and subprocessors, see:

https://trust.tracer.cloud/

## Reporting a Vulnerability

If you believe you’ve found a security vulnerability in Tracer, please report it privately.

**Please do not open a public GitHub issue** for security vulnerabilities.

Email: support@opensre.com

### What to include

To help us triage quickly, please include:

- a clear description of the issue
- affected component(s) and version(s)
- steps to reproduce (or a minimal proof-of-concept)
- observed / expected behavior
- impact assessment (what an attacker could achieve)

### Coordinated disclosure

Please avoid public disclosure until we’ve had a reasonable opportunity to investigate and remediate. We’ll coordinate timelines with you when appropriate.

## Non-security Support

If you need product help or documentation, use:

- Docs: https://opensre.com/docs
- Book a demo: https://opensre.com
- Email: support@opensre.com