Report suspected vulnerabilities privately to security@makepay.io.

• Do not put MakePay API keys in Framer components.
• Keep prices and entitlements in the relay catalog.
• Verify MakePay webhooks with X-MakePay-Signature.
• Treat component props as untrusted browser input.