Article Lens is designed to work without secrets by default.
If you add storage or browser integrations:
- Do not commit API tokens, Base tokens, app secrets, cookies, or session keys.
- Do not put long-lived write credentials in a browser extension.
- Prefer a local service or backend that receives clipper payloads and writes to storage.
- Use least-privilege credentials for any database or table integration.
- Treat article text and analysis results as potentially private reading history.
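
One way to apply the local-service guidance above, as an added example that is not Article Lens code: a loopback-only receiver validates each clipper payload and performs the storage write itself, so the extension never holds a write credential. The payload fields, the `X-Clip-Token` header, the `CLIP_PAIRING_TOKEN` and `CLIP_DB` variables, the port, and SQLite as the storage backend are all assumptions; a remote table integration would read its least-privilege write credential from the service's environment inside `store_clip`.

```python
import hmac, json, os, sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 256 * 1024                 # assumed size cap for one clipped article
FIELDS = {"url", "title", "text"}     # hypothetical clipper payload fields

def accept_clip(body: bytes, presented: str, pairing: str) -> dict:
    """Validate one clipper payload; raise ValueError on anything unexpected."""
    if not pairing or not hmac.compare_digest(presented.encode(), pairing.encode()):
        raise ValueError("bad pairing token")
    if len(body) > MAX_BODY:
        raise ValueError("payload too large")
    clip = json.loads(body)           # JSONDecodeError is a ValueError
    if not isinstance(clip, dict) or set(clip) != FIELDS:
        raise ValueError("unexpected fields")
    if not all(isinstance(v, str) for v in clip.values()):
        raise ValueError("fields must be strings")
    if not clip["url"].startswith(("https://", "http://")):
        raise ValueError("unsupported URL scheme")
    return clip

def store_clip(db: sqlite3.Connection, clip: dict) -> None:
    """Parameterized insert; SQLite stands in for the real storage backend."""
    db.execute("CREATE TABLE IF NOT EXISTS clips (url TEXT, title TEXT, text TEXT)")
    db.execute("INSERT INTO clips VALUES (?, ?, ?)",
               (clip["url"], clip["title"], clip["text"]))
    db.commit()

class ClipHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            size = int(self.headers.get("Content-Length", "0"))
            if not 0 <= size <= MAX_BODY:
                raise ValueError("bad length")
            clip = accept_clip(self.rfile.read(size),
                               self.headers.get("X-Clip-Token", ""),
                               os.environ.get("CLIP_PAIRING_TOKEN", ""))
            store_clip(self.server.db, clip)
            self.send_response(204)
        except ValueError:
            self.send_response(400)
        self.end_headers()

    def log_message(self, *args):     # no request logging: clips are reading history
        pass

if __name__ == "__main__":
    server = HTTPServer(("127.0.0.1", 8765), ClipHandler)   # loopback only
    server.db = sqlite3.connect(os.environ.get("CLIP_DB", "clips.db"))
    server.serve_forever()
```

The pairing token only authorizes submitting a clip to the loopback service; it grants no access to the storage backend and can be rotated without touching storage credentials.
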
To report a security issue in a fork or public distribution, open a private advisory or contact the maintainer directly.