# Security Policy

## Supported Versions

| Version | Supported |
| --- | --- |
| Latest | Yes |

## Reporting A Vulnerability

Report security issues privately to the project owner.

Do not include secrets, production data, or private credentials in public issues.

## Project Security Principles

- Keep secrets out of the repository.
- Prefer local processing for user data.
- Document external network calls.
- Keep release artifacts reproducible through CI once CI exists.
- Run dependency audits before releases once dependencies exist.