Security fixes are handled for the latest published release and active development branch.

Please do not open a public issue for vulnerabilities, exposed credentials, or private local data leaks.

Use GitHub private vulnerability reporting when available, or contact the maintainer through GitHub with enough detail to reproduce and assess the issue.

Helpful reports include:

• Affected version or commit.
• Windows version and runtime context.
• Steps to reproduce.
• Expected and actual impact.
• Relevant logs or screenshots with private data redacted.

Do not include local account names, full %APPDATA% paths, caption contents, access tokens, API keys, or private credentials in public reports.

Live Captions Rain does not intentionally send caption text, settings, or local window metadata to a remote service. Reports about unexpected network access, unsafe file permissions, or accidental exposure of Live Captions text are in scope.