homelife.ai is designed as a local-only system. All captured data -- camera frames, screenshots, audio recordings, transcriptions, analysis results, and the SQLite database -- remains on the user's machine. No data is transmitted to external servers beyond the configured LLM API calls (Gemini or Claude) required for analysis.

Users should be aware that:

• LLM API calls send captured images, audio, and text to the configured provider (Google Gemini or Anthropic Claude) for analysis.
• Optional notification integrations (Discord, LINE) transmit report summaries to those platforms.
• No other network communication occurs during normal operation.

If you discover a security vulnerability in homelife.ai, please report it responsibly. Do not open a public GitHub issue for security vulnerabilities.

1. GitHub Security Advisory (preferred): Navigate to the repository's Security tab and create a private security advisory.
2. Email: Send a detailed report to the repository maintainer via the contact information listed on their GitHub profile.

• A clear description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes, if applicable

• Acknowledgment: Within 48 hours of receiving the report
• Initial assessment: Within 7 days
• Fix or mitigation: Targeted within 30 days, depending on severity and complexity

• You will receive confirmation that your report has been received.
• We will work with you to understand and validate the issue.
• A fix will be developed and tested before public disclosure.
• You will be credited in the release notes (unless you prefer to remain anonymous).

We ask that you:

• Allow reasonable time for us to address the issue before any public disclosure.
• Avoid accessing or modifying other users' data.
• Act in good faith to avoid disruption to the project and its users.

• Keep your .env file (containing API keys) out of version control and restrict its file permissions.
• Run the daemon and web server on a trusted local network or localhost only.
• Regularly update dependencies to receive security patches.
• Review life.toml configuration to ensure capture settings match your privacy preferences.