Security fixes are made on the default branch. This is a hackathon prototype and is not approved for clinical deployment.

If you find a vulnerability involving authentication, Supabase access, patient-data handling, email or voice follow-up, prompt injection, or escalation logic, do not open a public issue.

Email: evk23umu@uea.ac.uk Subject: safetynett security: <short description>

Please include:

• Reproduction steps
• Browser and operating system
• Whether a local or cloud environment was used
• Expected impact

I aim to respond within 7 days.

Do not enter real patient data, NHS numbers, phone numbers, clinical records, or credentials into public issues, screenshots, or demo environments. Use synthetic patients only.