If you discover a security vulnerability in this project, please report it responsibly. Do not open a public GitHub issue.

Email support@reckonapp.io with:

• A description of the vulnerability
• Steps to reproduce
• Any relevant logs or screenshots

We will acknowledge your report promptly and aim to provide a fix or mitigation plan within 7 business days, depending on severity.

This policy covers the reckon-mcp-server codebase and its deployment as a Cloudflare Worker. Issues in upstream dependencies should be reported to the respective maintainers.

We appreciate responsible disclosure and are happy to credit reporters in release notes (with your permission).