Report security issues to info@makepay.io.
- Store MakePay key secrets only in n8n credentials.
- Do not log key secrets, workflow credentials, or raw production webhook payloads.
- Rotate MakePay partner keys if an n8n credential export is exposed.

Use npm provenance from GitHub Actions for public package releases. Keep npm automation tokens scoped to this package.
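
A release workflow that follows this rule, as an added example and not this project's own workflow. The file path, trigger, Node version, and the `NPM_TOKEN` secret name are assumptions.

```yaml
# .github/workflows/publish.yml (hypothetical path)
name: publish

on:
  release:
    types: [published]   # assumed trigger: publish only from a GitHub release

# Default to read-only; the publish job opts in to what it needs.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write    # lets the job request the OIDC token npm uses to sign provenance
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20                          # assumed; ships an npm new enough for --provenance
          registry-url: https://registry.npmjs.org  # writes an .npmrc that reads NODE_AUTH_TOKEN

      # Install exactly what the lockfile pins.
      - run: npm ci

      # --provenance attaches a signed statement linking the tarball to this
      # repository, commit and workflow run. The "repository" field in
      # package.json must point at this GitHub repository or the publish fails.
      - run: npm publish --provenance --access public
        env:
          # Assumed secret name. Use a granular npm access token limited to
          # this one package, stored only as a repository secret.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

Consumers can check the resulting attestations on an installed dependency tree with `npm audit signatures`.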