Legal
Security Policy
We welcome responsible disclosure. If you believe you have found a security vulnerability, please tell us before sharing it publicly.
Last updated: June 2026
Reporting a vulnerability
Email security@radarist.ai with a description of the issue, steps to reproduce, and the potential impact. Please give us a reasonable opportunity to investigate and remediate before any public disclosure. We will acknowledge your report and keep you updated on progress.
A machine-readable contact is published at /.well-known/security.txt.
Scope
- This website (radarist.ai).
- The Radarist source code in the public repository.
Prototype security posture
Radarist is a v0.1.0 — local-first prototype. It is intended to run locally on your own machine. It is not hardened for public, multi-tenant hosting, and the repository documents the known limits (such as permissive local defaults) that must be addressed before any exposure beyond localhost. Do not expose a Radarist instance to the public internet without first reviewing and resolving those items.
Good-faith research
We will not pursue action against researchers who act in good faith, avoid privacy violations and service disruption, and do not access or modify data that is not their own. Thank you for helping keep the project safe.