# Security Policy

TunnelX changes routes, runs local proxy services, and uses packet interception. Treat security reports carefully.

## Supported Versions

Only the latest public release is supported.

## Reporting

Before the repository is public, report security issues privately to the maintainer. After publication, use GitHub Security Advisories if enabled. If advisories are not enabled, open a minimal issue that says a private security report is needed without posting exploit details.

## Sensitive Data

Do not include real VPN credentials, private configs, access tokens, wallet private keys, or private server addresses in issues, screenshots, logs, or pull requests.