Security: dantwoashim/SSM

SECURITY.md

Security Policy

SSM models identity go-live workflows and may handle sensitive evidence in real deployments. This public repository should use fake/demo data only.

Reporting a vulnerability

Please open a private security advisory on GitHub if available, or contact the maintainer through the profile contact channel. Do not publish exploit details in a public issue.

Scope

Security-sensitive areas include:

  • authentication and session handling
  • customer portal access control
  • evidence upload/download paths
  • report publication and visibility gates
  • storage, email, and worker integrations

Limitations

This project is not a compliance certification system. Production deployments require independent security review, retention policies, backup strategy, monitoring, and incident response.

There aren't any published security advisories