Status: scaffolded / public-safe security policy.

Report suspected exposure of private data, exact sensitive locations, secrets, tokens, security-sensitive operations, or sealed IP through the private review channel designated by Alexandra Caussade or Foundation governance. Do not open a public issue containing the sensitive material.

This repository must not contain:

• secrets, tokens, API keys, credentials, or private endpoints;
• exact sensitive infrastructure locations;
• exact cleanup operation staging locations or private routes;
• donor data, student data, volunteer private data, customer data, or private Foundation operations;
• private training corpora or sealed YOSO-YAi LLC IP;
• security-sensitive operational details.

If sensitive material is found, stop publication work, remove the public exposure path, preserve enough metadata for private review, and require human review before restoring any related public content.