Security · Posture
Security stated only as far as it is true.
This page describes what LeanLogix actually does to protect models, the data they are built from, and the evidence we sign. It does not claim a certification we have not earned. Where a control is a design decision you can inspect — in the weights, in the receipt, in the response headers — we say exactly what it is and how to check it.
What goes into the weights
Sensitive data does not enter the model.
The strongest control is the one that removes the risk rather than managing it. LeanLogix trains adapters on open foundations using public and open corpora. Customer data, PHI, PII, and secrets are excluded from training by policy — anything sensitive a model needs at run time is supplied through retrieval, never baked into the weights.
No customer data, PHI, or secrets in training
Adapters are trained on public, open, and synthetic corpora on the Qwen2.5 family (Apache-2.0). Customer data, PHI/PII, and secrets are excluded from training by policy. The weights carry capability, not a record of anyone's data.
Sensitive sources stay at runtime, via retrieval
For healthcare and other regulated work, models are tuned on public corpora and given the sensitive context they need through runtime retrieval (RAG). PHI lives in retrieval and runtime only — it is never trained into a model and never persists in a checkpoint.
Weights stay inside the boundary
Governed models are served from an in-boundary, OpenAI-compatible endpoint; the weights do not leave the boundary to be served. There is no external per-token meter in the inference path, so a governed call is not also a record someone else keeps.
Evidence and signing
Every release and every serving call leaves a signed record.
Security is only as good as your ability to prove it after the fact. LeanLogix signs its evidence with an Ed25519 key over the verbatim bytes, so an auditor recomputes the result offline rather than taking a dashboard's word for it.
A signed, re-verifiable Model Passport per release
Each released model ships a Model Passport — a signed bill of materials covering base model, datasets and exclusions, eval probes, and the approver — sealed with an Ed25519 signature over the verbatim bytes. Anyone can re-verify it offline at lockedinlabs.ai/verify. If a single byte changed, the check fails.
Governed serving binds the run, not the conversation
Every governed serving call seals a receipt that binds the model fingerprint, the backend it ran on, and the routing policy. The receipt carries no prompt text, no response text, and no PII — only a content-free shape hash and token counts. It is a proof of conduct, never a transcript.
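The verbatim-bytes rule that both the Model Passport and the serving receipt rely on, shown as an added example in Go (not LeanLogix's code; the passport fields, the generated key and the raw-bytes signature framing are assumptions for illustration): an Ed25519 signature verifies over the bytes exactly as shipped, and fails both for a re-encoded copy with identical content and for a single flipped bit.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// VerifyVerbatim is the auditor-side check: Ed25519 over the exact bytes as shipped,
// with no parsing or canonicalization in between.
func VerifyVerbatim(pub ed25519.PublicKey, artifact, sig []byte) bool {
	return ed25519.Verify(pub, artifact, sig)
}

// Demo signs a constructed passport and returns three verification results:
// over the shipped bytes, over a re-encoded copy, and over a copy with one bit flipped.
func Demo() (verbatim, reencoded, tampered bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // assumption: a fresh key stands in for the release key
	if err != nil {
		panic(err)
	}
	// Constructed passport bytes, hand-written with spaces so that re-encoding changes the byte sequence.
	shipped := []byte(`{"base": "qwen2.5-placeholder", "datasets": ["open-corpus-a"], "exclusions": ["customer-data", "phi"], "approver": "reviewer-1"}`)
	sig := ed25519.Sign(priv, shipped)

	// Same content, re-encoded by encoding/json: semantically equal, byte-different, so it must fail.
	var fields map[string]any
	if err := json.Unmarshal(shipped, &fields); err != nil {
		panic(err)
	}
	reencodedBytes, _ := json.Marshal(fields)

	// One bit flipped in one byte of the shipped artifact.
	tamperedBytes := append([]byte(nil), shipped...)
	tamperedBytes[len(tamperedBytes)/2] ^= 0x01

	return VerifyVerbatim(pub, shipped, sig),
		VerifyVerbatim(pub, reencodedBytes, sig),
		VerifyVerbatim(pub, tamperedBytes, sig)
}

func main() { fmt.Println(Demo()) }
```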
Separation of duties on release
A model reaches a signed, released state through a separation-of-duties gate: the reviewer who approves a release is not the engineer who trained it. Nothing is labeled certified, approved, or production unless a signed artifact proves it.
Application surface
The site itself is hardened, and you can check the headers.
Every response from this site carries a Content-Security-Policy with a bounded connect-src allowlist, HTTP Strict Transport Security, a frame-ancestors clickjacking deny, MIME-sniffing protection, and a restrictive Permissions-Policy. These are observable in the response headers — not a claim you have to take on trust.
Verifiable response headers
Content-Security-Policy: bounded script/style/connect sources; object-src 'none'
Strict-Transport-Security: max-age 2 years, includeSubDomains, preload
X-Frame-Options / frame-ancestors: DENY / 'none' (no clickjacking)
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera/geolocation off; microphone scoped to the in-page voice concierge
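One way to turn the table above into a repeatable check, as an added example in Go (not the site's own tooling): it parses a response header set and reports which of the listed claims it fails to meet. The header values in SampleHeaders are constructed to resemble the table, not captured from the live site; to check a real response, feed it the headers returned by net/http.

```go
package main

import (
	"net/http"
	"strconv"
	"strings"
)

// params splits "k v; k=v" style header values (CSP, HSTS) into a lower-cased key map.
func params(v string) map[string]string {
	out := map[string]string{}
	for _, part := range strings.Split(v, ";") {
		f := strings.FieldsFunc(part, func(r rune) bool { return r == ' ' || r == '=' })
		if len(f) > 0 {
			out[strings.ToLower(f[0])] = strings.Join(f[1:], " ")
		}
	}
	return out
}

// CheckHeaders returns the claims from the table above that a header set fails to meet.
func CheckHeaders(h http.Header) []string {
	var failed []string
	need := func(name string, ok bool) { if !ok { failed = append(failed, name) } }
	csp := params(h.Get("Content-Security-Policy"))
	hsts := params(h.Get("Strict-Transport-Security"))
	age, _ := strconv.Atoi(hsts["max-age"]) // a missing or malformed max-age reads as 0 and fails below
	_, sub := hsts["includesubdomains"]
	_, pre := hsts["preload"]
	need("csp object-src 'none'", csp["object-src"] == "'none'")
	need("csp frame-ancestors 'none'", csp["frame-ancestors"] == "'none'")
	need("hsts max-age>=2y, includeSubDomains, preload", age >= 2*365*24*3600 && sub && pre)
	need("x-frame-options DENY", strings.EqualFold(h.Get("X-Frame-Options"), "DENY"))
	need("x-content-type-options nosniff", strings.EqualFold(h.Get("X-Content-Type-Options"), "nosniff"))
	need("referrer-policy strict-origin-when-cross-origin", h.Get("Referrer-Policy") == "strict-origin-when-cross-origin")
	need("permissions-policy camera off", strings.Contains(h.Get("Permissions-Policy"), "camera=()"))
	return failed
}

// SampleHeaders is a constructed header set shaped like the table above, not a capture of the live site.
func SampleHeaders() http.Header {
	return http.Header{
		"Content-Security-Policy":   {"default-src 'self'; connect-src 'self' https://api.example.invalid; object-src 'none'; frame-ancestors 'none'"},
		"Strict-Transport-Security": {"max-age=63072000; includeSubDomains; preload"},
		"X-Frame-Options":           {"DENY"},
		"X-Content-Type-Options":    {"nosniff"},
		"Referrer-Policy":           {"strict-origin-when-cross-origin"},
		"Permissions-Policy":        {"camera=(), geolocation=(), microphone=(self)"},
	}
}
```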
What we do not claim
The honest boundary of this page.
A security page that overstates is worse than none. So here is what we are not saying.
No certification we have not earned
We do not claim SOC 2, ISO 27001, or HIPAA certification. The controls above are real design decisions and process commitments; they are not a substitute for, or a claim of, a third-party audit we do not hold.
No unhackable or injection-proof model
Our hardening work measures defense-in-depth resistance behind a governance gate and reports the residual attack-success rate per release. We do not claim a model cannot be attacked; we claim we measure it and publish our own numbers.
No security by adjective
Where a control is real, we point at where to verify it — the passport at the public verifier, the receipt body, the response headers. Where we cannot prove a thing, we leave it off this page.
Responsible disclosure
Found something? Tell us directly.
If you believe you have found a security vulnerability in LeanLogix, report it privately to the address below before disclosing it publicly. Include enough detail to reproduce the issue. We will acknowledge your report, investigate, and keep you updated as we remediate. We ask that you avoid privacy violations, data destruction, and service disruption while testing, and that you give us reasonable time to fix an issue before going public.
Security contact
security@leanlogix.ai