Security: sev7enITA/PALOframework

Security Policy

Supported Versions

Version Supported
1.3.x
1.2.x
1.1.x
< 1.1

Reporting a Vulnerability

We take the security of PALO Framework seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT:

  • Open a public GitHub issue for security vulnerabilities
  • Disclose the vulnerability publicly before we've had a chance to address it

Please DO:

  1. Email us at security@paloframework.org with:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes (optional)
  2. Allow reasonable time for us to respond (typically within 48 hours)
  3. Work with us to understand and resolve the issue

What to Expect

  • Acknowledgment: We will acknowledge your report within 48 hours
  • Assessment: We will assess the vulnerability and determine its severity
  • Timeline: We will provide an estimated timeline for a fix
  • Disclosure: We will coordinate with you on public disclosure timing
  • Credit: We will credit you for the discovery (unless you prefer anonymity)

Security Measures

The PALO Framework website implements the following security measures:

Technical Controls

  • ✅ HTTPS-only access
  • ✅ Security headers (CSP, X-Frame-Options, etc.)
  • ✅ No server-side data storage (static site)
  • ✅ No external tracking or analytics
  • ✅ Subresource Integrity (SRI) for CDN resources

Data Privacy

  • No personal data collection
  • No cookies (except essential functionality)
  • No third-party data sharing
  • All tools operate client-side only

Security.txt

Our security contact information is also available at:

https://paloframework.org/.well-known/security.txt

Responsible Disclosure

We believe in responsible disclosure and will:

  1. Work with security researchers in good faith
  2. Not pursue legal action against researchers who follow this policy
  3. Publicly acknowledge researchers who help improve our security

Thank you for helping keep PALO Framework and its users safe! 🛡️

There aren’t any published security advisories