# Security Policy

## Supported Versions

| Version | Supported |
| --- | --- |
| Latest project state | Yes |

## Reporting A Vulnerability

Report security issues privately to the project owner. Do not include secrets, production data, private credentials, or unreleased exploit details in public issues.

## Project Security Principles

- Keep secrets out of the repository.
- Do not commit `.env` files, tokens, certificates, private keys, or generated credentials.
- Prefer local processing for user data.
- Document external network calls when implementation begins.
- Keep release artifacts reproducible through CI once release artifacts exist.
- Run dependency audits before releases once dependencies exist.