# Security Policy
## Supported Versions
We currently support the following versions with security updates:
| Version | Supported |
| ------- | ------------------ |
| 0.2.x | :white_check_mark: |
| 0.1.x | :x: |
## Reporting a Vulnerability
The security of Simplenote MCP Server is important to us. If you have discovered a security vulnerability, please follow these steps:
1. **Do Not Disclose Publicly**: Please do not disclose the vulnerability publicly until it has been addressed.
2. **Report**: Send an email to [Thomas Juul Dyhr](mailto:thomas@dyhr.com) with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggestions for remediation if you have them
3. **Response Time**: We will acknowledge your report within 48 hours and provide a more detailed response within 7 days.
4. **Resolution**: We will work with you to understand and resolve the issue. We'll keep you informed of our progress.
5. **Disclosure**: Once the vulnerability has been fixed, we will coordinate the public disclosure of the vulnerability.
## Security Best Practices for Users
When using Simplenote MCP Server, please follow these security best practices:
1. **Keep your environment variables secure**: Do not hardcode sensitive information like passwords or tokens.
2. **Regularly update**: Keep the software and its dependencies up to date.
3. **Use strong passwords**: For Simplenote authentication, use strong, unique passwords.
4. **Access control**: Limit access to the server to only trusted users.
Thank you for helping to keep Simplenote MCP Server secure!
