Please do not open a public GitHub issue for security-sensitive reports.

Instead, use one of these options:

1. GitHub Security Advisories (preferred): open a private security advisory for this repository.
2. If you cannot use GitHub: contact the maintainers through a private channel they have published on their profile or project documentation.

Include enough detail to reproduce or understand the issue (steps, affected versions, impact). We will acknowledge receipt as soon as we can and work with you on a coordinated disclosure before any public fix.

This project is a desktop application (Tauri). Reports about third-party services you configure (LLM or TTS providers, API keys stored locally on your machine) are generally out of scope unless they expose a defect in this codebase.

Security fixes are applied to the default branch (main) and released as tagged versions when appropriate. Use the latest release when possible.