If you discover a security vulnerability, please report it responsibly:

1. Do NOT create a public GitHub issue
2. Email:
3. Include: description, steps to reproduce, potential impact

We will respond within 48 hours.

• NanaDraw is designed for local use — it does not include authentication
• API keys are stored locally in ~/.nanadraw/settings.json
• Never expose the NanaDraw server to the public internet without proper security measures