name: 🔐 Security Vulnerability
about: Report a security issue (PRIVATE - use email instead)
title: 'DO NOT USE - Email security@evercatch.dev'
labels: ['security']
body:
  - type: markdown
    attributes:
      value: |
        # ⚠️ STOP — DO NOT USE THIS TEMPLATE

        **Security vulnerabilities should NOT be reported publicly.**

        Please email us instead: **security@evercatch.dev**

        ---

        ### Why?

        Public disclosure of security issues can:
        - Put user data at risk
        - Allow attackers to exploit the vulnerability before a fix is ready
        - Violate responsible disclosure practices

        ---

        ### What to Include in Your Email

        - **Description** — What is the vulnerability?
        - **Steps to Reproduce** — How can we reproduce it?
        - **Impact** — What could an attacker do?
        - **Proof of Concept** — Code or screenshots (optional)
        - **Suggested Fix** — If you have one
        - **Your Contact Info** — For follow-up

        ---

        ### Our Commitment

        - ✅ Response within 24 hours
        - ✅ Updates every 48 hours
        - ✅ Credit in security advisories (if desired)
        - ✅ Potential bug bounty for critical issues

        Read our full security policy: [SECURITY.md](../../SECURITY.md)

        ---

        **Thank you for keeping Evercatch secure! 🔒**

  - type: checkboxes
    id: acknowledge
    attributes:
      label: Acknowledgement
      options:
        - label: I understand I should email security@evercatch.dev instead of using this form.
          required: true