Skip to content

Security: lalaland-ai/lala-companion

SECURITY.md

Security Policy

lala-companion is an in-development, dynamically changing, early access app. It's "secure" as much as Electron is, but we do use alot of AI services which do interact with your data, so please be aware of that. Of course everything is mostly open source, except for some API calls, your free to inspect the code and see what is happening. AI touching your hard drives is a user option, highly warned about before allowed to turn on. We cannot guarantee much security if you choose to train AI with your desktop data to external providers. Local AI models running on your PC however, may be much more secure then using say: an OpenAI provider. We suggest doing that if you want max security and we will support a "local only" mode in our app. We don't have any weird backdoor user data farming, ad revenue, analytics stuff. Just some error reporting for devs to fix bugs, and general device metrics for QA. Open to audits if anyone wishes to do so.

We shall prioritze "local" AI and local storage on your own machine, rather then cloud storage. - our motto, but hard to do sometimes if want next-gen AI features... so user options shall be given.

Reporting a Vulnerability

If you find something bad in the code or in data usage, please let us know in a Github Issue, Discord, X, or email.

There aren’t any published security advisories