We take security seriously. YuvaDev is local-first by default, which means your code does not leave your machine unless you explicitly choose cloud model providers.
How to report a vulnerability
• Include clear reproduction steps and impact details.
• Do not access or modify data that does not belong to you.
• Do not publicly disclose details until we have had reasonable time to patch.
• Send reports to security@yuvadev.dev or founder@yuvadev.dev.