Security Policy

This is a static VitePress health literacy project. Security issues are still possible, especially around website code, build workflows, third-party dependencies, privacy, and accidental exposure of sensitive information.

Supported Project State

Security and privacy fixes are handled on the current main branch.

Older snapshots, forks, screenshots, reposts, or copied versions are not maintained by this repository.

What To Report Privately

Please email casperukee@gmail.com if you find:

• a vulnerability in the website, build workflow, or deployment setup;
• a dependency issue that affects the published site;
• accidental publication of sensitive personal information;
• accidental publication of private source material, local paths, screenshots, PDFs, OCR, or copyrighted course content;
• a privacy issue in the feedback or logging mechanism.

Please do not open a public issue if the report contains sensitive information.

Medical-Safety Reports

Medical-safety issues are not classic software vulnerabilities, but they matter for this project.

Use the public medical-boundary issue template when a page:

• could delay urgent care;
• sounds like diagnosis, treatment, prescription, or medication-stopping advice;
• overstates certainty;
• gives a screening or threshold statement without enough context;
• misses a high-risk group such as children, pregnancy/postpartum, older adults, immunocompromised people, or people with serious chronic disease.

If the report involves a private medical situation, do not include personal details. Rewrite it as a general wording concern.

Disclosure Expectations

For private security or privacy reports, the maintainer will try to acknowledge the report, assess scope, and publish a fix or explanation when appropriate.

This project is maintained by an individual, so response time may vary. Urgent medical situations should always go to local emergency services or qualified clinicians, not this repository.