Please report security issues privately using GitHub Security Advisories for this repository.

• Do not open public GitHub issues for vulnerabilities.
• Include reproduction steps, impact, and affected components.

Security-sensitive areas include:

• OAuth token handling and encryption
• Email content encryption and key management
• Webhook signature validation
• Auth-protected cron and admin-style endpoints

For implementation details and deployment hardening guidance, see docs/security.md.