ResearchOS is local-first. Your research data lives in a folder on your own machine and never leaves it unless you explicitly export or share it. We take the security of the app and of any optional cloud features (sharing, collaboration) seriously.

Please report security issues privately rather than opening a public issue.

• Email support@research-os.app with the details and steps to reproduce.
• Use a subject line that starts with "SECURITY" so it is triaged quickly.

We will acknowledge your report, work with you on a fix, and credit you if you would like once the issue is resolved. Please give us a reasonable window to address the problem before any public disclosure.

• The web app and its optional cloud features (sharing relay, identity directory).
• The handling of local data through the File System Access API.

For background on the app's security posture and prior review, see SECURITY_AUDIT.md.