# Security Policy
## Reporting Security Issues
Please do not report security issues publicly in GitHub Issues.
If you find a security problem, such as exposed credentials, unsafe configuration, token leakage, or a vulnerability, contact the maintainer privately.
## Sensitive Data
Never publish or share:
- Telegram bot tokens
- Amazon PA-API keys
- Amazon Partner Tags, if private
- .env files
- user data files
- logs
- local databases
- runtime buffers
## Recommended Setup
Always keep your real credentials inside a local .env file.
The .env file is ignored by Git and must never be committed to the repository.
## Responsibility
Users are responsible for configuring the bot securely and following the Amazon Associates Program policies.