If you discover a security vulnerability in Spotlight Notes, please report it privately by emailing the maintainers at [INSERT EMAIL] or by opening a GitHub Security Advisory at:

https://github.com/Isaccseven/spotlight-notes/security/advisories

Please do not report security vulnerabilities through public GitHub issues.

We aim to acknowledge receipt of vulnerability reports within 48 hours and will work to release a fix as soon as possible depending on severity.

• The Tauri/Rust backend (src-tauri/)
• The React/TypeScript frontend (src/)
• Build and dependency configuration

Third-party dependencies are out of scope unless a vulnerability in them affects the security of this application.