Update security notes regarding data handling

RubenHalman · web-flow · commit 099ac9d241ae · 2025-10-30T19:11:16.000+01:00
Clarified note about metadata usage and added information on manual saving of scan results.
diff --git a/SECURITY.md b/SECURITY.md
@@ -14,7 +14,9 @@ If you discover a security vulnerability, please report it using [GitHub vulnera
 
 This project collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
 
-**Note:** We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
+We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
+
+**Note:** You may manually save scan results (e.g., reports, CSV, JSON) to your local filesystem. These files are created at your request and remain **under your full control. The tool does not access, upload, or retain them.
 
 ## Dependencies
 
