Despite being an API that stores no data from the user, we still take platform security seriously. Here at Nimi, we have a simple but comprehensive way of dealing with security issues.
Vulnerabilities can be reported directly to Ayane Satomi and will be triaged by the team to see if it's a valid security issue. We will publish an advisory as soon as we fixed the bug.