• Do not commit API keys, broker credentials, account data, or private watchlists.
• Keep credentials in local .env files.
• Use .env.example only for sample variable names.
• Keep private reports and exports under ignored folders.

Report security concerns to shawsignaldev@proton.me.