TutorDesk is local-first. The MVP stores data in the user's browser storage and does not include accounts, external databases, or third-party analytics.
If you find a security or privacy issue, please open a private report through GitHub security advisories if available, or contact the maintainer directly.
Please do not publish exploit details before the issue is reviewed.
TutorDesk should not:
- send student data to third-party servers
- add telemetry without an explicit opt-in
- include hidden external tracking
- require an account for MVP workflows
Any contribution that changes data handling must clearly document the change.