If you discover a security vulnerability, please report it privately:

1. DO NOT open a public issue
2. Email the maintainer or use GitHub's private vulnerability reporting
3. Include:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

We'll respond within 48 hours and work with you to address the issue.

This extension:

• Does not collect or transmit user data
• Does not make external network requests
• Stores only session timing data locally
• Uses VS Code's built-in APIs for all operations