Security
Current security posture
This page describes implemented trust controls in the Seldon app today. It avoids formal compliance claims unless separately verified.
Last updated: July 9, 2026
Transport security
Public web and router traffic is served over TLS. Provider calls use the transport security supported by the configured provider endpoint.
Workspace scoping
Dashboard activity and trace APIs are scoped to the authenticated workspace and role.
Redacted trace payloads
Trace payload capture redacts sensitive headers and secret-like values before storage.
BYOK non-persistence
BYOK provider keys are used for the request and are not stored by Seldon.
Storage And Access
Seldon stores operational data in private application storage and databases. Access is limited to the application, authorized workspace members, and limited support, security, and operations personnel when needed for customer support, security, debugging, legal, billing, and service operation.
Trace Visibility
Trace detail is a workspace-scoped audit record. Dashboard trace detail is currently limited to a 30-day availability window. Payload references are shown only to admin or owner roles when payloads exist and have not expired.
Secrets And Headers
Known sensitive headers, API keys, bearer tokens, BYOK headers, cookies, and secret-like values are redacted before trace payload storage. Customers should still avoid sending unnecessary credentials, secrets, or sensitive personal data in prompts, headers, metadata, or tool payloads.
Vulnerability Contact
Report suspected security issues to [email protected] with the affected route, workspace, timestamp, reproduction steps, and impact. Do not include live secrets in reports.