Please do not open public issues for security-sensitive bugs.
Report privately by contacting the repository maintainer directly with:
- affected version/commit
- reproduction steps
- impact assessment
- optional patch suggestion

You should receive an initial response within 7 days.

This policy currently covers:
- Electron app runtime
- transcription provider integrations
- settings persistence and IPC surface

Out-of-scope:
- vulnerabilities in third-party services/providers themselves