Security & Data Handling

Last updated: July 2026

Open, auditable by design

The Semantica core engine is MIT-licensed and fully open source. There is no closed binary, no obfuscated logic, and no hidden data path — every line that builds a context graph, traces a decision, or records provenance is readable on GitHub.

Open-source library

The Semantica Python library does not transmit any data to our servers. All graph computation runs locally within your own environment — your data, your infrastructure. No telemetry is collected from library users unless you explicitly configure an integration that does so.

This website & waitlist

Waitlist signups (email address only) are stored in Cloudflare KV, scoped to this project. We collect minimal analytics and standard server logs — see the full breakdown in our Privacy Policy. We don't sell or share this data with third parties.

Hosted & Enterprise roadmap

Semantica Cloud (hosted/managed deployment) is not yet generally available. It's being built toward encryption at rest and in transit, VPC isolation, full audit trails, and SOC 2 readiness — these are engineering commitments for the hosted product, not certifications held today. We'll update this page with certification status as it's formally achieved.

Reporting a vulnerability

Found a security issue? Please report it privately rather than filing a public GitHub issue — email [email protected] with details and, if possible, steps to reproduce. We aim to acknowledge reports promptly and will credit responsible disclosures unless you prefer to stay anonymous.