# Security Policy

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 1.x.x   | :white_check_mark: |

## Reporting a Vulnerability

If you discover a security vulnerability in Israel Law MCP, please report it responsibly:

1. **Do NOT open a public issue**
2. Email **security@ansvar.eu** with:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
3. You will receive acknowledgment within 48 hours
4. We aim to provide a fix within 7 days for critical issues

## Data Accuracy

For data accuracy issues (incorrect legal text, missing provisions, stale data), please use our [data error issue template](https://github.com/Ansvar-Systems/israel-law-mcp/issues/new?template=data-error.md).

## Scope

This policy covers:
- The npm package `@ansvar/israel-law-mcp`
- The Vercel deployment at `https://israel-law-mcp.vercel.app`
- The MCP server code in this repository

Out of scope:
- The upstream legal data sources themselves
- Third-party dependencies (report to their maintainers)