Data Paradox Agent is committed to ensuring the security and privacy of our users. We implement industry-standard security practices and welcome responsible disclosure of any security vulnerabilities.
| Version | Supported |
|---|---|
| 1.0.x | ✅ Yes |
| < 1.0 | ❌ No |
- ✅ HTTPS/SSL/TLS Encryption - All traffic encrypted in transit
- ✅ Secure Headers - CSP, HSTS, X-Frame-Options, X-Content-Type-Options
- ✅ Rate Limiting - Protection against abuse and DoS attacks
  - Analysis: 10 requests/minute per IP
  - Upload: 20 requests/hour per IP
  - Overall: 50 requests/hour, 200/day per IP
- ✅ Input Validation - All user inputs sanitized and validated
- ✅ File Upload Security - Size limits (50MB), type checking, content scanning
- ✅ XSS Protection - Content Security Policy blocks malicious scripts
- ✅ No Data Storage - Privacy by design, no user data retention
- ✅ Dependency Scanning - Automated weekly security updates via Dependabot
- ✅ Open Source - Fully auditable codebase on GitHub
- ✅ No Authentication Required - No passwords to compromise
- ✅ Minimal Dependencies - Reduced attack surface
- ✅ Error Handling - No sensitive information in error messages
We take security vulnerabilities seriously. If you discover a security issue, please follow responsible disclosure:
Email: alviva91@gmail.com
Subject Line: [SECURITY] Data Paradox Agent Vulnerability
Please Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Your contact information (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Updates: Regular communication throughout investigation
- Resolution: Coordinated disclosure after fix is deployed
- ❌ Open a public GitHub issue for security vulnerabilities
- ❌ Exploit the vulnerability beyond proof-of-concept
- ❌ Share vulnerability details publicly before we've issued a fix
We appreciate security researchers who help keep our users safe. With your permission, we will:
- Credit you in our security acknowledgments
- Publicly thank you after the fix is deployed (if you wish)
The following are not considered security vulnerabilities:
- Rate limiting triggering for legitimate heavy use
- CSV parsing errors for malformed files
- Fallacy detection false positives/negatives
- UI/UX issues without security impact
- Third-party dependencies (report directly to them)
What we DON'T collect:
- ❌ No user accounts or authentication
- ❌ No personal information
- ❌ No tracking or analytics
- ❌ No cookies (except theme preference in localStorage)
- ❌ No uploaded CSV data retention
What happens to your data:
- CSV files are processed in memory only
- No data is written to disk
- All data is discarded after analysis
- No logs contain user data
Primary: alviva91@gmail.com
GitHub: https://github.com/AkpanDaniel/data-paradox-agent/security
Last Updated: March 2026
Next Review: June 2026
This security policy is subject to change. Check back regularly for updates.