# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in any Evercatch repository,
please do **not** open a public issue.

Report it privately to: **security@evercatch.io**

Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes if available

We will acknowledge receipt within 48 hours and aim to release a fix
within 14 days depending on severity.

## Supported Versions

| Version | Supported |
| :--- | :---: |
| Latest `main` | ✅ |
| Older releases | ❌ |