If you discover a security vulnerability in Polish Law MCP, please report it responsibly:

1. Do NOT open a public issue
2. Email security@ansvar.eu with:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
3. You will receive acknowledgment within 48 hours
4. We aim to provide a fix within 7 days for critical issues

For data accuracy issues (incorrect legal text, missing provisions, stale data), please use our data error issue template.

This policy covers:

• The npm package @ansvar/polish-law-mcp
• The Vercel deployment at https://polish-law-mcp.vercel.app
• The MCP server code in this repository

Out of scope:

• The upstream legal data sources themselves
• Third-party dependencies (report to their maintainers)