Governance

Security

Security controls and data boundaries are proportioned to each product and engagement. This page states the public posture without claiming certifications or service levels that have not been agreed.

Current public statement · 15 July 2026

Public website

This repository publishes a static public website. Authentication, customer uploads and production API access are intentionally outside the public-site application.

Customer data boundaries

Customer ingress, public sources, licensed sources, product releases and customer exports are intended to use separate access boundaries. Customer data is not silently merged into shared product records.

Access and audit

Production access is designed around explicit organisation membership, scoped credentials, product entitlements, expiry, revocation and audit events. The exact control set and service level are documented for the contracted service.

Responsible disclosure

Report a suspected vulnerability to hello@inference.institute. Include a concise description and reproduction steps, but do not include personal data or exploit the issue beyond what is necessary to demonstrate it.