introduce security policy in readme

RubenHalman · RubenHalman · commit 2f2a865487fd · 2025-10-30T16:12:13.000+01:00
diff --git a/README.md b/README.md
@@ -18,6 +18,9 @@ Use our side bar or the **Command Palette** and type `Flow Scanner` to see the l
 * `Fix Flows` will apply available fixes automatically.
 * `Open Documentation` can be used to reference the documentation.
 
+**Zero user data collected.** All analysis runs 100% client-side.  
+→ See Data Handling in our [Security Policy](https://github.com/Flow-Scanner/lightning-flow-scanner-vsx?tab=security-ov-file).
+
 ## Configuration
 
 | Key                              | Description                                                                       | Default Value                 |
diff --git a/SECURITY.md b/SECURITY.md
@@ -12,7 +12,9 @@ If you discover a security vulnerability, please report it using [GitHub vulnera
 
 ## Data Handling
 
-This project collects zero user data. No credentials, PII, payment info, or health data is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to any external services.
+This project collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
+
+**Note:** We temporarily fetch metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
 
 ## Dependencies
 
