Security: cloud7-dev/screenshot-to-spreadsheet

SECURITY.md

Security Policy

Supported versions

The project is pre-1.0. Security fixes target the latest main branch.

Reporting a vulnerability

Until a dedicated security contact is available, open a GitHub issue with a high-level description only. Do not include private screenshots, account numbers, phone numbers, access tokens, customer lists, or other sensitive data.

If the issue requires examples, use synthetic data that preserves the layout shape without exposing real values.

Privacy model

The app is local-first by default:

  • image files are loaded into the browser session
  • CSV/XLSX files are generated locally
  • no application server upload path is implemented
  • telemetry is not implemented
  • public fixtures and QA assets are synthetic

OCR engine and language assets may be fetched by Tesseract.js depending on deployment and cache state. The image itself is not uploaded by this app. A stricter offline PWA asset strategy is planned.

See Privacy proof for the release checklist and sample-data policy.

Sensitive data handling

Please do not upload or attach real:

  • bank or card transaction screenshots
  • KakaoTalk/private chat screenshots
  • account numbers or phone numbers
  • customer/order dashboards
  • business pricing sheets
  • IDs, passwords, API keys, or tokens

Issue and PR examples

When reporting OCR or parser behavior, recreate the layout with fake values:

2026-06-01 입금 스타상사 55,000원 잔액 1,055,000원
2026-06-02 출금 카페 5,500원 잔액 1,049,500원

Do not blur a real screenshot and upload it. Synthetic text/images are easier to review and safer for the public issue tracker.
