Security policy Please report security issues privately to kontakt.smart.service@gmail.com. Do not post Xiaomi OAuth grants, Home Assistant long-lived access tokens, .storage files, account credentials or unredacted diagnostics in issues.