Do not create public issues for security vulnerabilities; instead, contact us at [email protected]
GlassAlpha is designed for regulated industries requiring high trust and transparency. Security is fundamental to our mission of providing audit-ready ML compliance tools.
If you discover a security vulnerability in GlassAlpha, please help us protect our users by reporting it responsibly:
- Email: [email protected]
- Response Time: We aim to acknowledge reports within 48 hours
- Process: We will investigate all reports and provide updates on our progress
- Description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Your assessment of severity
- Any suggested fixes or mitigations
- Do not create public GitHub issues for security vulnerabilities
- Do not publicly disclose the vulnerability before we've had a chance to address it
| Version | Supported |
|---|---|
| 0.1.x | ✅ (Pre-alpha development) |
GlassAlpha follows these security principles:
- On-Premise First: No external network calls or cloud dependencies by design
- Privacy by Default: No telemetry collection (opt-in only via GLASSALPHA_TELEMETRY=on)
- Data Protection: Never logs raw PII; all identifiers are hashed
- Reproducible Security: All operations are deterministic and auditable
- Local Processing: All model analysis happens on your infrastructure
- No Data Transmission: Your data never leaves your environment
- Audit Trail: Complete lineage tracking with cryptographic hashes
- Deterministic Output: Identical results for compliance verification
Please report security vulnerabilities to us at [email protected]