# Security Policy

The PHPHR team takes security and data protection very seriously.
We appreciate the efforts of security researchers and the community in helping
keep PHPHR safe and reliable.

---

## 🚨 Reporting a Vulnerability

If you discover a security vulnerability in PHPHR, please **do not create a
public GitHub issue**.

Instead, report the vulnerability responsibly by contacting us at:

📧 **info@phphr.com**

Please include the following details:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Screenshots or logs (if available)

We aim to respond to all security reports within **48 hours**.

---

## 🛠 Supported Versions

Security updates are currently provided for:

| Version | Supported |
|--------|-----------|
| v3.x   | ✅ Yes     |

Older versions may not receive security updates.

---

## 🔐 Security Best Practices

We strongly recommend the following practices for all PHPHR installations:

- Use HTTPS in production environments
- Keep PHP, database, and server software updated
- Restrict file and directory permissions
- Change default administrator credentials immediately
- Perform regular database backups

---

## 📢 Disclosure Policy

Once a vulnerability is reported, we will:
- Acknowledge receipt of the report
- Investigate and validate the issue
- Release a fix as soon as possible
- Provide credit to the reporter (if requested)

---

## 🙏 Thank You

Thank you for helping keep PHPHR secure and trusted.
Your responsible disclosure helps protect the entire community.
