If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public GitHub issue
2. Email the maintainer directly or use GitHub's private vulnerability reporting
3. Include detailed information about the vulnerability
4. Allow reasonable time for a fix before public disclosure

• Models are downloaded from Hugging Face over HTTPS
• Downloaded files are stored in ~/.cache/parakeet-coreml/
• No authentication tokens are stored or transmitted

• All audio processing happens locally on your device
• No data is sent to external servers
• The library works fully offline after model download

• The native addon is compiled from source during installation
• Source code is available for review in src/*.mm and src/*.h