Strimma handles medical data (continuous glucose monitor readings). Security issues are taken seriously.

Do not open a public issue for security vulnerabilities.

Instead, use GitHub's private vulnerability reporting to report the issue confidentially.

Include:

• Description of the vulnerability
• Steps to reproduce
• Impact assessment (data exposure, integrity, availability)

You'll receive a response within 7 days.

• Nightscout credential handling (API secret storage and transmission)
• Notification data parsing (glucose values from other apps)
• Local database access (Room)
• Any path that could leak health data to unintended recipients