If you discover a security issue, report it privately by email:

• security@projectbook.dev

Please include:

• A clear description of the issue.
• Steps to reproduce.
• Potential impact.
• Any suggested mitigation.

• Do not open public issues for security bugs.
• Do not disclose security details publicly until a fix is available.

• Initial acknowledgment target: within 72 hours.
• We will validate the report, work on remediation, and coordinate disclosure.