Use this section to tell people about which versions of your project are currently being supported with security updates.

We take the security of ConversAI-Kit seriously. If you believe you have found a security vulnerability, please follow these steps:

1. DO NOT disclose the vulnerability publicly
2. Send a detailed description of the vulnerability to [INSERT SECURITY EMAIL]
3. Include steps to reproduce the issue
4. If possible, provide a proof of concept

• You will receive an acknowledgment within 48 hours
• We will investigate and provide updates on the reported vulnerability
• Once validated, we will work on a fix and coordinate the release
• We will credit you (if desired) when we publish the fix

When using ConversAI-Kit, please follow these security best practices:

1. API Keys and Secrets

   • Never commit API keys or secrets to the repository
   • Use environment variables for sensitive data
   • Rotate API keys regularly

2. Dependencies

   • Keep all dependencies up to date
   • Regularly run security audits (yarn audit for frontend, safety check for backend)

3. Authentication

   • Use strong passwords
   • Implement rate limiting
   • Enable two-factor authentication where possible

4. Data Protection

   • Encrypt sensitive data in transit and at rest
   • Regularly backup your data
   • Implement proper access controls

We will announce security updates through:

• GitHub Security Advisories
• Release Notes
• [Optional] Security mailing list

For security-related inquiries, contact: [INSERT SECURITY CONTACT DETAILS]