Security

Security notes for a static market intelligence prototype.

Current fintech pages are static. Future accounts, alerts, payments, and data APIs require separate security review.

API keys, provider tokens, payment secrets, and backend credentials must not appear in public files.

`site/` is generated by build and must not be staged as source.

Accounts, watchlists, alerts, payments, partners, and data feeds require threat modeling before activation.