Report suspected vulnerabilities privately to [email protected].

• Do not put MakePay API keys in Framer components.
• Keep prices and entitlements in the relay catalog.
• Verify MakePay webhooks with X-MakePay-Signature.
• Treat component props as untrusted browser input.