If you discover a security vulnerability, please report it responsibly:

1. Do NOT create a public GitHub issue
2. Email ian@allowayllc.com with details
3. Include steps to reproduce if possible
4. Allow 48 hours for an initial response

We follow responsible disclosure. Once a fix is available, we will:

1. Patch the vulnerability
2. Release a new version
3. Credit the reporter (if desired)