Language: English | 日本語
Currently supported versions:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability, do not report it as a public Issue.
- Email: security@example.com (replace with the project security contact)
- GitHub Security Advisories: Use Private vulnerability reporting from the repository Security tab
- Detailed description of the vulnerability
- Steps to reproduce
- Affected versions
- Suggested fix, if available
- Acknowledgment: We confirm receipt within 48 hours
- Investigation: We assess impact and scope
- Fix: We patch according to severity
- Disclosure: We publish details after a fix is released, at an appropriate time
- AI provider API keys are stored encrypted locally when configured in the app
- BYOK (Bring Your Own Key): keys are not sent to Zedi servers for inference
- Local-only mode may use IndexedDB in the browser
- Authenticated user data is stored in PostgreSQL (via server/api)
- All remote communication uses HTTPS
- Authentication uses Better Auth (OAuth / session cookies)
- Passwords are not handled by application code when using OAuth providers
Thank you for helping keep Zedi secure! 🔒