We take the security of SQLens seriously. If you believe you have found a security vulnerability, please report it to us by following these steps:

1. open a GitHub issue.
2. Include as much detail as possible: steps to reproduce, impact, and a proof of concept if available.

We will acknowledge your report within 48 hours and keep you updated on our progress.

SQLens includes a RedactSensitive mode (set via SQLENS_REDACT_SENSITIVE=true). When enabled, the proxy will mask all literals in SQL queries before they reach the dashboard or logs. We recommend enabling this in production environments where queries may contain PII.