# Security Policy

## Supported Versions

We maintain the latest main branch. Please ensure you are on a recent commit before reporting issues.

## Reporting a Vulnerability

- Email: `hello@cogni-x.com`
- Alternatively, open a confidential issue labeled `security`

Please include:

- A clear description and reproduction steps
- Impact and affected environments
- Suggested remediation if known

We aim to acknowledge within 72 hours and provide a fix or mitigation timeline after triage.

## Scope

This policy covers:

- Inference and configuration misuse leading to unsafe behavior
- Data leakage, PII exposure, or privacy concerns
- License or attribution compliance issues

## Responsible Disclosure

Do not publicly disclose vulnerabilities before coordinated release of a fix or mitigation. We appreciate your help keeping the community safe.