We take security seriously. If you discover a security vulnerability, please follow these steps:

• Open a public GitHub issue
• Share details publicly before the issue is resolved

1. Email: Send details to [[email protected]]
2. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

• Initial Response: Within 48 hours
• Status Update: Within 7 days
• Resolution: Depends on severity

This project follows security best practices:

• ✅ Dependencies regularly updated
• ✅ No sensitive data in repository
• ✅ Input validation on all API endpoints
• ✅ Type hints and static analysis (mypy)
• ✅ Automated testing in CI/CD

This security policy applies to:

• Source code in src/ and api/
• Docker configurations
• CI/CD workflows

Thank you for helping keep this project secure! 🔒