Telligence is a self-hosted project. Your security posture depends on how you deploy it and which AI provider you configure.

• stores indexed content in your own PostgreSQL/pgvector database
• supports local or cloud inference, depending on your configuration
• uses JWT auth and bcrypt password hashing
• does not add hosted telemetry of its own

This repository does not claim out-of-the-box HIPAA, GDPR, SOC 2, or similar compliance certification. If you need those guarantees, you need a deployment and operating model that provides them.

• change demo credentials outside local development
• use HTTPS and a reverse proxy in production
• keep database credentials and API keys in environment variables
• restrict network access to the API and database
• review which AI provider you configure before indexing sensitive content

• local inference keeps prompts and embeddings on infrastructure you control
• cloud inference sends prompts and/or embeddings to the provider you configure
• Telligence does not prevent operators from indexing sensitive content, so operator policy still matters

Do not report security issues in public issues. Coordinate privately with the maintainers.