For coordinated security disclosures across the PCCX organisation, see the org-level policy in pccxai/.github.

This repository has no security-sensitive runtime; reports about documentation factual errors or broken links are handled as normal issues.

• The Apache-2.0 licensed sources in this repository are reviewed by the project as a normal open-source codebase.
• Out-of-scope: deployments operated by other parties, third-party forks, and customer-specific binaries that are not part of this repository.

This file is operational policy, not legal advice. It does not modify any licence terms.