If you discover a security issue, please email hello@tech1k.com instead of opening a public issue. I'll respond as soon as I can.

In scope:

• Cloudflare Worker (worker/worker.js)
• ESP32 firmware (src/main.cpp)
• Any repository code that could expose credentials or sensitive data

Out of scope:

• Issues requiring physical access (device is on a wall, behind glass)
• Social engineering
• Third-party services like Cloudflare/SMTP2GO/Open-Meteo (report those upstream)
• Temporary downtime or availability issues

This is a hobby project, not a paid bug bounty. Reports are appreciated regardless.

If you'd like credit in the changelog, let me know. If you prefer to stay anonymous, that's fine too.