Implements a new Security Policy:
Zero persistent data – Metadata (e.g., timestamps, Flow state) is used in-memory only during active sessions and discarded immediately upon close. No data is ever stored, logged, or transmitted.
All analysis remains 100% client-side with no external network calls.
→ Full policy: SECURITY.md