-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(security.md): Adds security.md file to project root
Closes #5473
- Loading branch information
1 parent
e0d8143
commit 41114f1
Showing
1 changed file
with
47 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| # Data Privacy and Security | ||
|
|
||
| ## Security Measures | ||
|
|
||
| ### LiteLLM Github | ||
|
|
||
| - All commits run through Github's CodeQL checking | ||
|
|
||
| ### Self-hosted Instances LiteLLM | ||
|
|
||
| - **No data or telemetry is stored on LiteLLM Servers when you self host** | ||
| - For installation and configuration, see: [Self-hosting guided](https://docs.litellm.ai/docs/proxy/deploy) | ||
| - **Telemetry** We run no telemetry when you self host LiteLLM | ||
|
|
||
| ### LiteLLM Cloud | ||
|
|
||
| - We encrypt all data stored using your `LITELLM_MASTER_KEY` and in transit using TLS. | ||
| - Our database and application run on GCP, AWS infrastructure, partly managed by NeonDB. | ||
| - US data region: Northern California (AWS/GCP `us-west-1`) & Virginia (AWS `us-east-1`) | ||
| - EU data region Germany/Frankfurt (AWS/GCP `eu-central-1`) | ||
| - All users have access to SSO (Single Sign-On) through OAuth 2.0 with Google, Okta, Microsoft, KeyCloak. | ||
| - Audit Logs with retention policy | ||
| - Control Allowed IP Addresses that can access your Cloud LiteLLM Instance | ||
|
|
||
| For security inquiries, please contact us at [email protected] | ||
|
|
||
|
|
||
| For security inquiries, please contact us at [email protected] | ||
|
|
||
| #### Supported data regions for LiteLLM Cloud | ||
|
|
||
| LiteLLM supports the following data regions: | ||
|
|
||
| - US, Northern California (AWS/GCP `us-west-1`) | ||
| - Europe, Frankfurt, Germany (AWS/GCP `eu-central-1`) | ||
|
|
||
| All data, user accounts, and infrastructure are completely separated between these two regions | ||
|
|
||
| ### Security Vulnerability Reporting Guidelines | ||
|
|
||
| We value the security community's role in protecting our systems and users. To report a security vulnerability: | ||
|
|
||
| - Email [email protected] with details | ||
| - Include steps to reproduce the issue | ||
| - Provide any relevant additional information | ||
|
|
||
| We'll review all reports promptly. Note that we don't currently offer a bug bounty program. |