Security: bnjreece/loudcue

SECURITY.md

Security Policy

Reporting a vulnerability

If you discover a security issue in LoudCue, please do not open a public GitHub issue. Instead, email benjamin@reece.is with:

  • A description of the issue
  • Steps to reproduce
  • Affected version(s)
  • Your assessment of severity

I aim to respond within 72 hours and ship a fix in the next release. If the issue is severe (RCE, calendar data exposure, privilege escalation), I'll cut a patch release out of band.

What counts as a security issue

  • Anything that exposes calendar data outside the user's Mac
  • Anything that runs unintended code on the user's machine
  • Privilege escalation (LoudCue should never need elevated rights)
  • Defeating macOS sandboxing or hardened runtime protections
  • Anything that bypasses the user's calendar/reminders permission grant
  • Tampering with the Sparkle update channel
  • Path traversal or file-write outside ~/Library/Application Support/LoudCue/

What is not a security issue

  • Aesthetic / UX bugs in the alert overlay
  • Performance regressions (open a normal bug report)
  • Apps that integrate with LoudCue exposing their own data
  • Issues that require physical access to an unlocked Mac

Supply chain

LoudCue depends on:

  • Sparkle 2 for auto-updates. Update payloads are signed with an EdDSA private key held only by the maintainer; the public key ships in the app bundle.
  • KeyboardShortcuts for global hotkeys. No network access.

If you find an issue in one of these upstream projects, please report it directly to the upstream maintainers.

Disclosure

After a fix ships, I'll publish a brief advisory in CHANGELOG.md and on the GitHub Releases page. Reporters who want credit will be acknowledged; if you prefer to remain anonymous, just say so.

Scope

This policy covers the LoudCue app, the marketing site at loudcue.com, and the auto-update channel (appcast.xml). Forks and third-party builds are out of scope.