Security

Report suspected security issues to mailto:security@ohio420.ai.

The production app should use HTTPS, secure cookies, domain lock, MFA on registrar and hosting accounts, least-privilege admin access, and isolated public knowledge storage.

The app is intentionally designed not to connect to private NAS or personal local-chat folders.

Security controls are tracked against OWASP web and mobile guidance, including protected secrets, server-side authorization, minimal device permissions, rate limits, audit logs, safe file handling, and store-ready privacy disclosures.