If you discover a security vulnerability in this project, please report it responsibly.

Please do not open public issues for security vulnerabilities.

Instead, send an email to the maintainers with:

• A description of the vulnerability
• Steps to reproduce (if applicable)
• Potential impact
• Suggested fix (if any)

We aim to respond to security reports within 72 hours and will work with you to verify and address the issue promptly.

• Never commit .env files or API keys to the repository.
• Keep Firebase security rules restrictive and review them regularly.
• Use HTTPS in production.
• Enable rate limiting on authentication endpoints.
• Keep dependencies up to date.

We appreciate responsible disclosure and will acknowledge contributors who help improve the security of this project.