Please report security or privacy issues privately to the repository owner instead of opening a public issue with sensitive details.
If a private channel is not available, open a minimal public issue that says a private report is needed, without attaching data or exploit details.
- Do not open public issues with private transaction data.
- Do not include real receipts, payment screenshots, invoices, bank statements, or personal finance exports.
- Do not include real names, phone numbers, addresses, card numbers, order numbers, identity documents, access tokens, or logs with device identifiers.
- Use mock data for reproduction steps.

Never commit Apple developer certificates, provisioning profiles, App Store Connect API keys, GitHub tokens, Cloudflare tokens, .env files, or private signing configuration.