Add complete community documentation

- README.md: Product overview + issue tracker landing
- SECURITY.md: Responsible disclosure policy
- CODE_OF_CONDUCT.md: Community guidelines
- CONTRIBUTING.md: How to contribute
- SUPPORT.md: Comprehensive support guide
- Issue templates: Bug, feature, support, docs, security

All references updated to evercatch.dev domain.

SECURITY.md

@@ -2,23 +2,98 @@
 
 ## Reporting a Vulnerability
 
-If you discover a security vulnerability in any Evercatch repository,
-please do **not** open a public issue.
+**We take security seriously.** If you discover a security vulnerability, please report it responsibly.
 
-Report it privately to: **security@evercatch.io**
+### 🔒 How to Report
 
-Include:
-- A description of the vulnerability
-- Steps to reproduce
-- Potential impact
-- Any suggested fixes if available
+**Email:** [security@evercatch.dev](mailto:security@evercatch.dev)
 
-We will acknowledge receipt within 48 hours and aim to release a fix
-within 14 days depending on severity.
+**DO NOT:**
+- ❌ Open a public GitHub/Gitea issue
+- ❌ Disclose the vulnerability publicly
+- ❌ Exploit the vulnerability
 
-## Supported Versions
+**DO:**
+- ✅ Email us with detailed information
+- ✅ Give us reasonable time to fix it
+- ✅ Follow responsible disclosure practices
 
-| Version | Supported |
-| :--- | :---: |
-| Latest `main` | ✅ |
-| Older releases | ❌ |
+### 📧 What to Include
+
+Please include as much information as possible:
+
+- **Description** - What is the vulnerability?
+- **Impact** - What could an attacker do?
+- **Steps to Reproduce** - How can we reproduce it?
+- **Proof of Concept** - Code, screenshots, or examples
+- **Suggested Fix** - If you have ideas
+- **Your Contact Info** - For follow-up questions
+
+### ⏱️ Our Response Process
+
+1. **Acknowledgment** - We'll respond within 24 hours
+2. **Assessment** - We'll evaluate severity and impact
+3. **Updates** - We'll provide updates every 48 hours
+4. **Fix** - We'll develop and test a patch
+5. **Disclosure** - We'll coordinate public disclosure with you
+6. **Credit** - We'll credit you in our security advisory (if desired)
+
+### 🎯 Severity Levels
+
+| Level | Description | Response Time |
+|-------|-------------|---------------|
+| **Critical** | Data breach, RCE, privilege escalation | 24 hours |
+| **High** | Auth bypass, SQL injection, XSS | 48 hours |
+| **Medium** | CSRF, info disclosure, DoS | 1 week |
+| **Low** | Security misconfigurations | 2 weeks |
+
+### 💰 Bug Bounty Program
+
+We currently don't have a formal bug bounty program, but we may provide:
+
+- 🎁 Swag (t-shirts, stickers)
+- 💳 Free subscription upgrades
+- 💵 Monetary rewards for critical vulnerabilities (case-by-case)
+- 🏆 Public recognition (if desired)
+
+### ✅ In Scope
+
+- API endpoints (api.evercatch.dev)
+- Web dashboard (app.evercatch.dev)
+- Authentication/authorization
+- Data storage and access controls
+- Webhook forwarding logic
+- Billing system
+
+### ❌ Out of Scope
+
+- Social engineering attacks
+- Physical attacks
+- DoS/DDoS attacks
+- Spam or abuse of service
+- Issues in third-party services (Stripe, SendGrid, etc.)
+- Theoretical vulnerabilities without proof of concept
+
+### 🛡️ Security Measures We Take
+
+- **Encryption** - TLS 1.3 in transit, AES-256 at rest
+- **Authentication** - API keys hashed with bcrypt
+- **Rate Limiting** - Per-tier limits prevent abuse
+- **Input Validation** - All inputs sanitized
+- **Monitoring** - 24/7 monitoring for suspicious activity
+- **Audits** - Regular security audits
+- **Compliance** - SOC2 Type II (planned Q2 2026)
+
+### 📜 Security Advisories
+
+Past security advisories: [evercatch.dev/security](https://evercatch.dev/security)
+
+### 📞 Contact
+
+- **Security Team:** security@evercatch.dev
+- **PGP Key:** [Download](https://evercatch.dev/pgp)
+- **Status Page:** [status.evercatch.dev](https://status.evercatch.dev)
+
+---
+
+**Thank you for helping keep Evercatch and our users safe!** 🔐