If you discover a security vulnerability, please report it responsibly:

1. Do NOT create a public GitHub issue
2. Email: krishna@helloagent.in
3. Include steps to reproduce
4. We'll respond within 48 hours

• Never commit .env files
• Use environment variables for all secrets
• Enable Row Level Security (RLS) on all Supabase tables
• Rotate API keys regularly
• Use HTTPS for all webhooks