If you discover a security vulnerability, please report it responsibly:

1. DO NOT open a public GitHub issue
2. Email: support@saaskit.app
3. Include a description of the vulnerability, steps to reproduce, and potential impact

We will respond within 48 hours and work with you to resolve the issue.

• Always use HTTPS for server connections
• Keep your ~/.free/access.key private
• Do not share QR codes or session tokens
• Use environment variables for sensitive configuration (never hardcode secrets)