Skip to content

Security: peals-pline/TutorDesk

Security

SECURITY.md

Security Policy

TutorDesk is local-first. The MVP stores data in the user's browser storage and does not include accounts, external databases, or third-party analytics.

Reporting Issues

If you find a security or privacy issue, please open a private report through GitHub security advisories if available, or contact the maintainer directly.

Please do not publish exploit details before the issue is reviewed.

Privacy Expectations

TutorDesk should not:

  • send student data to third-party servers
  • add telemetry without an explicit opt-in
  • include hidden external tracking
  • require an account for MVP workflows

Any contribution that changes data handling must clearly document the change.

There aren't any published security advisories