We take security seriously. If you discover a security vulnerability in Range App, please report it responsibly.

1. Do NOT open a public issue for security vulnerabilities
2. Use GitHub Security Advisories to report privately
3. Alternatively, email security concerns to the maintainer

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Initial response: Within 48 hours
• Status update: Within 7 days
• Resolution target: Depends on severity

Since Range App stores all data locally in the browser (no backend server), the primary security concerns are:

• Cross-site scripting (XSS) vulnerabilities
• Malicious input handling
• Data import/export security
• Service worker vulnerabilities

We appreciate responsible disclosure and will acknowledge security researchers in our release notes (with permission).