If you discover a security vulnerability in ExpellusAI, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please contact us directly:
- Email: Contact us through our website
- Subject: [SECURITY] Brief description of the issue
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Resolution: Depends on severity, but we aim to address critical issues as quickly as possible
This security policy applies to:
- The ExpellusAI desktop application
- The ExpellusAI website (expellusai.com)
- Related services and APIs
- Third-party services (Supabase, AI providers, etc.)
- Social engineering attacks
- Denial of service attacks

| Version | Supported |
|---|---|
| Beta 0.2.x | Yes |
| Beta 0.1.x | Yes |
| < 0.1.0 | No |

ExpellusAI is designed with security in mind:
- Local processing: Screen analysis and personal data stay on your device
- Encrypted vault: Credentials stored with local encryption
- No telemetry: We do not collect screen content or personal data
- Secure communication: All API calls use HTTPS/TLS
Thank you for helping keep ExpellusAI and its users safe.