# Security Policy

## Reporting a vulnerability

If you find a possible security vulnerability, please email security@phlex.fun. Do not create an issue or pull request either demonstrating or fixing the vulnerability.

## Bug bounty

[The Gem Foundation](https://ryanbigg.com/2022/11/the-gem-foundation) has kindly sponsored a $1 bug bounty to discover security vulnerabilities in Phlex.

## Sponsoring a bug bounty

If you wish to sponsor a bug bounty for Phlex, please get in touch with Joel at joel@drapper.me.