If you discover a security vulnerability in HavenAcknowledgments, please report it responsibly. Do not open a public issue.

Send an email to security@havenapps.net with:

• A description of the vulnerability
• Steps to reproduce the issue
• Any relevant logs, screenshots, or proof-of-concept code
• Your assessment of the severity and potential impact

We will acknowledge receipt within 72 hours and aim to provide a fix or mitigation plan promptly.

This policy covers the HavenAcknowledgments Swift package, including:

• License file parsing and detection
• Acknowledgments manifest generation
• Bundle resource loading
• All public API surface

We ask that you give us reasonable time to address the issue before any public disclosure. We are committed to crediting reporters who follow responsible disclosure practices.