# Security and privacy Report suspected vulnerabilities privately to the maintainer before opening a public issue. Do not include secrets or private project data in reports. The dashboard reads local files and does not require a backend or database. It can include file paths, feature names, diagnostics, source excerpts, and commit identifiers in a generated snapshot. **Do not publish snapshots generated from private repositories unless you have reviewed and sanitized them.** Never commit credentials, tokens, customer data, or private snapshots. Use synthetic data for bug reports and fixtures.