tiles.run / tiles
A local-first private AI assistant for everyday use. Runs on-device models with encrypted P2P sync, and supports sharing chats publicly on ATProto.
10
fork

Configure Feed

Select the types of activity you want to include in your feed.

chore: Update license year to 2026 and add security policy document

feynon.eth 2c2b9141 549c71ca

+73 -1
+1 -1
LICENSE.txt
··· 1 1 Dual MIT/Apache-2.0 License 2 2 3 - Copyright (c) 2025 Tiles and Contributors 3 + Copyright (c) 2026 Tiles Privacy and Contributors 4 4 5 5 Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>). 6 6
+72
SECURITY.md
··· 1 + # Security Policy 2 + 3 + ## Reporting a Vulnerability 4 + 5 + We take security vulnerabilities seriously. If you discover a security vulnerability in Tiles, please report it to us responsibly. 6 + 7 + ### How to Report 8 + 9 + **We encourage you to use GitHub's Security Advisory feature** to report vulnerabilities privately: 10 + 11 + 1. Go to the [Security tab](https://github.com/tilesprivacy/tiles/security) in this repository 12 + 2. Click on **"Report a vulnerability"** or **"Advisories"** 13 + 3. Click **"New draft security advisory"** 14 + 4. Fill out the security advisory form with: 15 + - A clear description of the vulnerability 16 + - Steps to reproduce the issue 17 + - Potential impact and severity assessment 18 + - Any suggested fixes or mitigations 19 + 20 + Alternatively, you can report vulnerabilities by emailing [**security@tiles.run**](mailto:security@tiles.run) with: 21 + - A detailed description of the vulnerability 22 + - Steps to reproduce the issue 23 + - Potential impact assessment 24 + - Your contact information 25 + 26 + ### What to Include 27 + 28 + When reporting a vulnerability, please provide: 29 + 30 + - **Description**: A clear description of the security issue 31 + - **Steps to Reproduce**: Detailed steps to reproduce the vulnerability 32 + - **Impact**: The potential impact if this vulnerability is exploited 33 + - **Severity**: Your assessment of the severity (Critical, High, Medium, Low) 34 + - **Affected Versions**: Which versions of Tiles are affected 35 + - **Suggested Fix**: If you have ideas for how to fix the issue (optional but appreciated) 36 + 37 + ### Response Timeline 38 + 39 + We aim to: 40 + 41 + - **Acknowledge** your report within 48 hours 42 + - **Triage** the vulnerability within 7 days 43 + - **Provide updates** on our progress regularly 44 + - **Resolve** critical vulnerabilities as quickly as possible 45 + 46 + ### Disclosure Policy 47 + 48 + - We will work with you to coordinate public disclosure after the vulnerability has been addressed 49 + - We will credit you in our security advisories (unless you prefer to remain anonymous) 50 + - We will not disclose your report publicly until a fix is available 51 + 52 + ### Security Best Practices 53 + 54 + When testing for vulnerabilities: 55 + 56 + - **Do not** access or modify user data without permission 57 + - **Do not** perform any actions that could harm users or their systems 58 + - **Do not** violate any laws or breach any agreements 59 + - **Do** act in good faith and follow responsible disclosure practices 60 + 61 + ## Security Updates 62 + 63 + Security updates will be released as soon as possible after a vulnerability is confirmed and fixed. We recommend: 64 + 65 + - Keeping Tiles updated to the latest version 66 + - Subscribing to the [Tiles blog](https://tiles.run/blog) for important security updates 67 + 68 + ## Questions? 69 + 70 + If you have questions about this security policy, please contact us at [**security@tiles.run**](mailto:security@tiles.run). 71 + 72 + Thank you for helping keep Tiles secure!