Do not commit API keys, SMTP credentials, SMS provider keys, database files, archives, runtime receipts, or production deployment configuration.
Report security issues privately to the MemoryCloud maintainers. Do not open a public issue for vulnerabilities that expose user data, credentials, authentication bypasses, or remote code execution.
Self-hosted operators are responsible for HTTPS termination, secret rotation, backups, SMTP/SMS providers, rate limits, and access logs.