Security: andlsac/Lumen

SECURITY.md

Security Policy

Lumen runs 100% locally — inference happens on your Mac (MLX + Metal) and the app makes no network connections except, on your explicit action, downloading a model from Hugging Face. Your text is never sent anywhere.

Reporting a vulnerability

If you find a security issue, please report it privately — do not open a public issue:

  • Email: andlsac@icloud.com
  • Or use GitHub's "Private vulnerability reporting" (Security tab) once the repository is published.

Please include steps to reproduce and the affected version. You'll get a reply as soon as possible. This is a personal project with no formal SLA, but security reports are taken seriously.

Scope

  • The Lumen app and its source in this repository.
  • Out of scope: vulnerabilities in upstream dependencies (MLX / mlx-swift / swift-transformers / Hugging Face) — please report those to the respective projects.

There aren't any published security advisories