# Security Policy

## Reporting a vulnerability

If you discover a security vulnerability, **do not open a public issue**.

Send a report via [GitHub Security Advisories](https://github.com/Slashgear/gdpr-report/security/advisories/new) including:

- A description of the vulnerability
- Steps to reproduce it
- The potential impact

## Scope

This tool runs a controlled Chromium browser against URLs provided by the user. It is designed to be run locally or in a controlled CI environment — do not expose the CLI as a web service without appropriate isolation.