Braincup is a single-player offline brain-training game. It has no accounts, no backend, and stores no personal data beyond local high-scores on-device. The security surface is intentionally small.

Please report suspected vulnerabilities privately via GitHub's built-in flow:

→ https://github.com/SimonSchubert/Braincup/security/advisories/new

That creates a draft advisory visible only to the maintainer. Include a short description, steps to reproduce, and the affected platform (Android / iOS / Desktop / Web). Please don't open a public issue for suspected security problems — I'll triage privately and coordinate disclosure once a fix is ready.

You can expect an acknowledgement within a week and a fix in the next release cycle where feasible.

Only the latest release receives fixes. See https://github.com/SimonSchubert/Braincup/releases.