Security
We treat security as part of doing good work, not as something to bolt on later. Here is how we think about security across the website and product deployments.
If you spot a security issue
If you think you have found a security issue affecting Xalec AI materials or a Xalec-managed deployment, please report it responsibly.
- Start on the contact page and label the request as a security report.
- Include the steps to reproduce, the affected part of the system, and the likely impact.
- Please avoid sending sensitive datasets directly by email; we can coordinate a safer path if needed.
Responsible disclosure
We ask for a reasonable time window to investigate and address reported issues before public disclosure.
How we approach security
- Encrypted transport and access control where the environment supports it.
- Least-privilege handling of user roles, sessions, and admin actions.
- Storage practices meant to support safer handling of uploaded data, artifacts, logs, and reports.
- Workflow records that help trace execution and investigate operational issues.
- Dependency maintenance, patching, and environment hygiene to reduce avoidable exposure.
- Recovery planning that fits the hosting model and deployment context.
If you need to discuss deployment-specific controls, institutional requirements, or review evidence, we can do that directly.