Security

Report sensitive problems privately.

Koru operates near keyboard input, selections, accessibility APIs, and clipboard content. We treat reports in that territory seriously — and privately.

Report a vulnerability

Email security@builderking.io. Please don't post suspected vulnerabilities publicly before we've had a chance to respond.

Include the app version, macOS version, target application, reproducible steps using synthetic text, expected and actual behavior, impact, and any known workaround. Never include real passwords, tokens, prompts, client data, clipboard contents, Keychain exports, or a Koru vault database.

The security baseline

Diagnostics without your content

Support bundles are created only after an explicit action, previewed locally, and editable before you share them. They contain version, permission, and health information — never saved content, clipboard payloads, queries, file paths, or keys. Nothing is ever uploaded automatically.

Related reading

See the privacy model for data boundaries, retention, and deletion behavior.