Voxa is an early-stage project and does not yet have a formal coordinated disclosure program.

If you discover a security or privacy issue, please do not publish exploit details immediately.

Instead:

1. Contact a maintainer privately if possible.
2. If private contact is not available, open a GitHub issue with limited detail and mark it clearly as a security concern.
3. Provide reproduction steps, affected environment, and impact.

Because Voxa interacts with microphone input, clipboard operations, and system-wide shortcuts, privacy-sensitive findings should be reported carefully.

Thank you for reporting issues responsibly.