Security Policy
Effective date: July 1, 2026 · Version 1.0
1. Security architecture
Kairon runs each site in an isolated renderer process (site isolation), sandboxes renderer processes from direct system access, and applies IPC flood protection to limit how fast a renderer can message the privileged browser process.
2. Patch commitments
Confirmed critical vulnerabilities are patched and shipped within 72 hours of validation where technically feasible. High-severity issues are targeted for the next scheduled release, typically within two weeks.
3. Extension review
Extensions submitted to the Kairon store undergo automated static analysis and manual review of requested permissions before publication, and are re-reviewed on major version updates.
4. Incident response
Confirmed security incidents affecting user data are investigated, contained, and disclosed to affected users without undue delay, consistent with applicable breach-notification law.
5. Reporting a vulnerability
See the Responsible Vulnerability Disclosure Policy for how to report a security issue and what to expect from us in response.