If you believe you have found a security or privacy issue in this project, please report it privately.

• email: devs@put.io

Private reports are preferred for security and privacy issues.

Do not open a public issue for vulnerabilities. If you are unsure whether something is sensitive, email first.

This policy covers the public design-system site, token package, and brand assets owned by this repository.

• Include the affected URL, package version, token artifact, or asset path when it is relevant.
• Do not access, modify, or disclose data that does not belong to you.
• Do not publish exploit details before disclosure is coordinated.

The current main branch, the live design guide, and the latest published npm package are supported.

Please allow a reasonable amount of time to investigate and fix the issue before sharing details publicly.

If the report is valid, we will work on a fix and coordinate disclosure as appropriate.