Security: tarasssov/restaurant-split-bot-public

SECURITY.md

Security Policy

Supported Scope

This repository is public and intended for open-source collaboration, but it should not contain:

  • real bot tokens
  • API keys
  • .env files
  • production logs
  • real receipt photos with personal or sensitive data

Reporting a Vulnerability

If you discover a security issue:

  1. Do not open a public GitHub issue with exploit details.
  2. Contact the maintainer privately first.
  3. Include:
    • a short description of the issue
    • affected area
    • reproduction steps
    • impact
    • suggested fix if you have one

Until a dedicated security contact is published, use a private channel already known to the maintainer rather than public issues.

Sensitive Data Handling

Please do not submit:

  • real customer receipts
  • personal payment data
  • screenshots containing names, phone numbers, or card/payment details
  • production credentials or infrastructure paths

Use synthetic or sanitized samples instead.
