# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| main    | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability in this repository, please report it responsibly:

1. **Email:** edwin.estro@me.com
2. **Expected response time:** 48-72 hours

Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

**Do not** open a public GitHub issue for security vulnerabilities.

## Security Best Practices

Contributors should:
- Never commit secrets, API keys, or credentials
- Use environment variables for sensitive configuration
- Follow the principle of least privilege
- Keep dependencies up to date
- Review code changes for security implications

## Scope

This policy applies to:
- All code in this repository
- GitHub Actions workflows
- Azure Static Web Apps deployment

Thank you for helping keep this project secure.