# Security Policy

GPT Exporter is an offline, privacy-first desktop application.  
It does not send user data to external servers by default. The only built-in network component used for app functionality is a local HTTP server bound to 127.0.0.1.
All processing happens on the user's device.

The project is lightweight, and we take security seriously and appreciate responsible reports.

------------------------------------------------------------

## Supported Versions

Security updates are provided on a best-effort basis.  
Response times may vary.  
We try to reply as quickly as possible, but delays may occur.

------------------------------------------------------------

## Reporting a Vulnerability

If you discover a potential security issue, please report it privately:

security@gpt-exporter.com

Please do **not** open public GitHub Issues for security reports.

When contacting us, include:
- A clear description of the issue  
- Steps to reproduce, if applicable  
- Your environment (OS, version, export ZIP structure, etc.)

You will receive a reply as soon as possible.

------------------------------------------------------------

## Important Notes

Because GPT Exporter is offline-first:
- No external servers are contacted for user data processing in the current version  
- No analytics or telemetry by default  
- Chats and processed data remain on the local device unless explicitly shared by the user
- The local web viewer is served only via 127.0.0.1 (loopback interface)

Issues related to:
- Modified local files  
- Broken or manually altered ChatGPT exports  
- System-level malware on the user's machine  
- Non-standard PyInstaller modifications  
are not considered security vulnerabilities.

------------------------------------------------------------

## Disclosure

Please allow us reasonable time to investigate and fix the issue before any public disclosure.  
We will coordinate with you to determine an appropriate disclosure schedule.

Thank you for helping keep GPT Exporter safe.