If you discover a security vulnerability, please report it responsibly:

1. Do not open a public GitHub issue
2. Email the maintainer directly or use GitHub's private vulnerability reporting
3. Include steps to reproduce the issue
4. Allow reasonable time for a fix before public disclosure

PomoDaddy is a local-only macOS app. It does not make network requests or transmit data. Security concerns are limited to:

• Local data storage integrity
• macOS sandbox compliance
• Dependency supply chain