Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please email us at: security@eoffice.app

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will respond within 48 hours and provide a fix within 7 days for critical issues.

• All user data is stored locally in the browser
• API keys are never sent to our servers
• Documents are encrypted when shared
• No third-party tracking scripts
• Content Security Policy headers
• HTTPS enforced in production