Security

Current security posture

This page describes implemented trust controls in the Seldon app today. It avoids formal compliance claims unless separately verified.

Last updated: July 9, 2026

Transport security

Public web and router traffic is served over TLS. Provider calls use the transport security supported by the configured provider endpoint.

Workspace scoping

Dashboard activity and trace APIs are scoped to the authenticated workspace and role.

Redacted trace payloads

Trace payload capture redacts sensitive headers and secret-like values before storage.

BYOK non-persistence

BYOK provider keys are used for the request and are not stored by Seldon.

Storage And Access

Seldon stores operational data in private application storage and databases. Access is limited to the application, authorized workspace members, and limited support, security, and operations personnel when needed for customer support, security, debugging, legal, billing, and service operation.

Trace Visibility

Trace detail is a workspace-scoped audit record. Dashboard trace detail is currently limited to a 30-day availability window. Payload references are shown only to admin or owner roles when payloads exist and have not expired.

Secrets And Headers

Known sensitive headers, API keys, bearer tokens, BYOK headers, cookies, and secret-like values are redacted before trace payload storage. Customers should still avoid sending unnecessary credentials, secrets, or sensitive personal data in prompts, headers, metadata, or tool payloads.

Vulnerability Contact

Report suspected security issues to [email protected] with the affected route, workspace, timestamp, reproduction steps, and impact. Do not include live secrets in reports.

Security | Seldon