docs: add security

Author: dgarcia360

.cursor/rules/writing-guidelines.mdc

@@ -0,0 +1,10 @@
+---
+description:  Guidelines when writing documentation.
+globs:
+alwaysApply: false
+---
+
+
+- Follow Google Style guide when writting documentation.
+- Use parenthesis instead of em-dashes.
+- Write for developers, avoid marketing buzzwords and bluff.

docs/release-notes.md

@@ -0,0 +1,50 @@
+# Release notes
+
+Stay up-to-date with the latest features, improvements, and updates to PushFeedback and its ecosystem of packages.
+
+## Product updates
+
+For comprehensive release notes and product announcements, visit our [Blog](http://pushfeedback.com/blog?category=release-notes). We publish bimonthly updates highlighting the most relevant product features and improvements.
+
+## Package updates
+
+### Core packages
+
+<section className="row">
+  <article className="docCardListItem_W1sv col col--6">
+    <a className="card padding--lg cardContainer_fWXF" href="#">
+      <h2 className="text--truncate cardTitle_rnsV" title="pushfeedback-search">📦️ pushfeedback</h2>
+      <p className="text--truncate cardDescription_PWke" title="Core-chatbot and search widget package">Core-widget package</p>
+      <div className="badge badge--secondary">Coming soon</div>
+    </a>
+  </article>
+</section>
+
+### Integrations
+
+<section className="row">
+  <article className="docCardListItem_W1sv col col--6">
+    <a className="card padding--lg cardContainer_fWXF" href="https://github.com/TechDocsStudio/pushfeedback-react">
+      <h2 className="text--truncate cardTitle_rnsV" title="pushfeedback-react">⚛️ pushfeedback-react</h2>
+      <p className="text--truncate cardDescription_PWke" title="AI chatbot component for React applications">Feedback widget for React applications</p>
+      <div className="badge badge badge--secondary">CHANGELOG</div>
+    </a>
+  </article>
+  
+  <article className="docCardListItem_W1sv col col--6">
+    <a className="card padding--lg cardContainer_fWXF" href="https://github.com/TechDocsStudio/docusaurus-pushfeedback/blob/master/CHANGELOG.md">
+      <h2 className="text--truncate cardTitle_rnsV" title="docusaurus-pushfeedback">🦖 docusaurus-pushfeedback</h2>
+      <p className="text--truncate cardDescription_PWke" title="Feedback plugin for Docusaurus sites">Feedback plugin for Docusaurus sites</p>
+      <div className="badge badge--secondary">CHANGELOG</div>
+    </a>
+  </article>
+  
+  <article className="docCardListItem_W1sv col col--6">
+    <a className="card padding--lg cardContainer_fWXF" href="https://github.com/TechDocsStudio/sphinx-pushfeedback/blob/master/CHANGELOG.rst">
+      <h2 className="text--truncate cardTitle_rnsV" title="sphinx-pushfeedback">🐍 sphinx-pushfeedback</h2>
+      <p className="text--truncate cardDescription_PWke" title="Official Feedback extension for Sphinx documentation">Feedback extension for Sphinx documentation</p>
+      <div className="badge badge--secondary">CHANGELOG</div>
+    </a>
+  </article>
+  
+</section>

docs/security/_category_.json

@@ -0,0 +1,8 @@
+{
+  "label": "Security",
+  "position": 6,
+  "link": {
+    "type": "generated-index",
+    "description": "Comprehensive security insights and safeguards for a secure, compliant chatbot experience."
+  }
+}

docs/security/checklist.md

@@ -0,0 +1,38 @@
+---
+sidebar_position: 2
+---
+
+# Production checklist
+
+Use this checklist to confirm that essential security measures are configured for optimal protection on the PushFeedback widget before going to production. Each item provides straightforward actions to help you secure data, control access, and maintain compliance.
+
+## For widget integrations
+
+:::info Widget Integrations Only
+The following steps apply only to implementations using the **feedback widget**.
+:::
+
+- [ ] **Restrict allowed domains**: List only the domains authorized to host your feedback widget in  **Projects** > **Settings** > **Allowed domains**. This restricts embedding to approved sites, helping prevent unauthorized access.
+
+- [ ] **Enable two-factor authentication (2FA)**: Navigate to **My Account** > **Profile** and enable 2FA for all accounts with access to the dashboard to enhance access security.
+
+- [ ] **Configure data privacy (optional)**: Choose whether to display a custom terms and conditions modal in the footer. For more information, see [Layout customization](../customization/layout.mdx).
+
+
+## For API integrations
+
+:::info API Integrations Only
+The following steps apply only to direct integrations using the **Enterprise API**. These steps are not necessary for widget-based implementations.
+:::
+
+- [ ] **Enable bearer authentication**: Ensure each API client request includes a bearer token in the header as follows: `Authorization: Api-Key <token>`.
+
+- [ ] **Set up regular API keys rotation**: Establish a schedule for rotating API keys periodically to enhance security.
+
+- [ ] **Verify token security**: Confirm that tokens are not publicly accessible (e.g., in repositories) and are shared only with authorized team members.
+
+- [ ] **Use secure API key storage**: Store API keys in environment variables, encrypted configuration files, or dedicated secrets management systems (e.g., AWS Secrets Manager, Azure Key Vault, HashiCorp Vault). Never hardcode keys in your application code or commit them to version control.
+
+- [ ] **Deactivate unused tokens**: Immediately disable any tokens that are no longer in use to prevent unauthorized access.
+
+Completing this checklist ensures that your PushFeedback integration is secure, protecting data integrity and meeting compliance standards.