M87AI SECURITY POLICY
Last Updated: 2025-02-24
1. Introduction
M87AI, developed by Cosmic Intelligence, LLC ("we," "us," or "our"), is committed to ensuring the security of our users' data and our platform. This Security Policy outlines the practices and procedures we use to maintain and improve security across our infrastructure and services.
2. Reporting Security Issues
We encourage security researchers, ethical hackers, and community members to responsibly disclose any discovered security vulnerabilities. If you discover a vulnerability, please report it immediately to root@cosmicai.dev with a detailed description and reproduction steps. We commit to:
- Acknowledgment: Confirm receipt of your report within 1 business day.
- Collaboration: Work with you to validate and address the issue promptly.
- Credit: Offer appropriate recognition for valid and responsible disclosures.
3. Our Security Practices
3.1 Data Protection
- Encryption in Transit: All data transmitted between users and M87AI is protected via TLS/HTTPS.
- Secure Storage: We use industry-standard cloud hosting solutions with strict access controls, storing data with encryption at rest where available.
- Data Minimization: We collect only necessary user data.
- Password Hashing: User passwords are hashed using bcrypt.
3.2 Authentication
- Secure Protocols: Robust login flows with secure password management.
- Session Management: Sessions are managed with HTTP-only cookies, which carry the Secure and SameSite flags in production, and inactivity timeouts are set to 45 minutes.
- Future Enhancements: We plan to explore multi-factor authentication (MFA) for additional security.
3.3 Infrastructure
- Regular Security Audits: Periodic reviews and updates of our security posture.
- Vulnerability Patching: Routine scans and prompt application of security patches.
- Monitoring: Continuous log monitoring for suspicious activities.
- Incident Response: Established procedures to address and remediate security breaches swiftly.
4. User Responsibilities
While we implement robust security measures, users also play a role in maintaining security by:
- Using Strong Passwords: Creating unique, complex passwords.
- Safeguarding Login Credentials: Not sharing account information.
- Logging Out: Especially on shared or public devices.
- Reporting Issues: Immediately reporting any suspicious activity or potential vulnerabilities to root@cosmicai.dev.
5. Updates to This Policy
We may update this Security Policy to reflect changes in our security practices, technology advancements, or legal requirements. The "Last Updated" date at the top will reflect any such changes.
For any questions or concerns regarding this Security Policy, please contact us at root@cosmicai.dev.