Security Policy
Our security practices, your deployment responsibilities, and how to report vulnerabilities.
Last updated: June 30, 2026
Found a vulnerability? Please disclose it responsibly to admin@siemate.com. We will acknowledge receipt within 2 business days and aim to resolve confirmed issues within 30 days.
1. Architecture & Data Isolation
SIEMate is a self-hosted platform. The entire stack — backend API, AI agent, knowledge base, and frontend — runs inside your own infrastructure. Your security events, detection rules, SIEM credentials, and investigation data never leave your environment or transit our servers.
We do not operate a multi-tenant cloud service. There is no shared infrastructure between customers. Each deployment is fully isolated within the customer's control boundary.
2. Deployment Security Recommendations
Network
- Deploy SIEMate behind a reverse proxy (nginx, Caddy, or Traefik) with TLS termination
- Restrict the SIEMate API port to internal networks or a VPN — do not expose it directly to the internet
- Use network segmentation to limit SIEMate's access to only the SIEM endpoints it needs
Authentication
- Enable SSO (Azure AD, Google Workspace, or Okta) rather than relying solely on local credentials
- Rotate API keys and SIEM credentials regularly and store them as Docker secrets or Kubernetes secrets — not in environment files committed to source control
- Apply least-privilege SIEM accounts: SIEMate only needs read access to indexes and write access for rule management
Container & Host
- Use the official SIEMate Docker images from our verified registry
- Containers run as non-root by default — do not override this in your compose file
- Apply security updates to the host OS and Docker engine regularly
- Mount secrets and configuration files as read-only where possible
LLM API Keys
- Scope your OpenAI, Gemini, or other LLM API keys to the minimum required permissions
- Set spending limits at the provider level to enforce the SIEMate AI budget controls
- Rotate keys if you suspect compromise — SIEMate will immediately use the updated value from your secrets store
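An added example, not SIEMate's own tooling: a small Python audit that checks the output of `docker compose config --format json` against the recommendations in this section (root override, ports published on all interfaces, literal secrets in environment variables, writable bind mounts). The service names, image placeholder, port number, paths and the `_FILE` variable convention are constructed assumptions, not values from SIEMate.

```python
import json
import re

SECRET_NAME = re.compile(r"(KEY|TOKEN|PASSWORD|SECRET)", re.I)
ALL_INTERFACES = {"", "0.0.0.0", "::"}

def audit_compose(config: dict) -> list[tuple[str, str]]:
    """Return (service, finding) pairs for a canonical compose config."""
    findings = []
    for name, svc in config.get("services", {}).items():
        # Container & Host: the non-root default must not be overridden.
        user = str(svc.get("user", "")).split(":")[0]
        if user in ("0", "root"):
            findings.append((name, "user overrides non-root default"))
        # Network: published ports should bind to an internal address only.
        for port in svc.get("ports", []):
            if "published" in port and port.get("host_ip", "") in ALL_INTERFACES:
                findings.append((name, f"port {port['published']} published on all interfaces"))
        # Authentication / LLM API keys: literal secrets do not belong in env.
        # Assumption: *_FILE variables hold a path to a mounted secret, not the secret.
        for key, value in (svc.get("environment") or {}).items():
            if SECRET_NAME.search(key) and value and not key.upper().endswith("_FILE"):
                findings.append((name, f"secret-like value in environment: {key}"))
        # Container & Host: bind mounts should be read-only where possible.
        for vol in svc.get("volumes", []):
            if vol.get("type") == "bind" and not vol.get("read_only", False):
                findings.append((name, f"writable bind mount: {vol.get('target')}"))
    return findings

# Constructed sample; names, image placeholder, port and paths are not SIEMate's.
SAMPLE = json.loads("""
{"services": {
  "api-weak": {
    "image": "<siemate-image>", "user": "0:0",
    "ports": [{"target": 8000, "published": "8000", "protocol": "tcp"}],
    "environment": {"OPENAI_API_KEY": "sk-constructed", "LOG_LEVEL": "info"},
    "volumes": [{"type": "bind", "source": "./config", "target": "/config"}]},
  "api-hardened": {
    "image": "<siemate-image>",
    "ports": [{"target": 8000, "published": "8000", "host_ip": "127.0.0.1"}],
    "environment": {"OPENAI_API_KEY_FILE": "/run/secrets/llm_key"},
    "secrets": [{"source": "llm_key"}],
    "volumes": [{"type": "bind", "source": "./config", "target": "/config", "read_only": true}]}
}}
""")

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(f"{service}: {finding}")
```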
3. Data Handled by the Platform
Within your deployment, SIEMate processes the following categories of data:
- SIEM query results — subsets of your log data retrieved to answer questions or run investigations
- Detection rules — SPL, KQL, and Sigma rules managed through the platform
- Knowledge base documents — runbooks, playbooks, and context documents you upload
- Chat history — investigation conversations stored in the platform database
- LLM prompts and responses — sent to your configured LLM provider (OpenAI, Gemini, etc.) over TLS
LLM calls include relevant context from your environment (field names, sample values, rule names). You should review your LLM provider's data handling policies and, where required, opt out of training data use.
4. Website Security (siemate.com)
siemate.com is served over HTTPS with HSTS. We apply the following controls to this website:
- TLS 1.2+ enforced; TLS 1.0 and 1.1 disabled
- Content Security Policy (CSP) headers
- No third-party advertising scripts or behavioural tracking
- Dependency pinning and automated vulnerability scanning via Dependabot
5. Responsible Disclosure Policy
We welcome security researchers who responsibly disclose vulnerabilities in SIEMate or siemate.com. To report a security issue:
- Email admin@siemate.com with a clear description of the vulnerability, steps to reproduce, and your assessment of impact
- Use PGP encryption if your report contains sensitive details — our public key is available on request
- Do not exploit the vulnerability beyond what is necessary to demonstrate impact
- Do not access, modify, or exfiltrate data beyond your own test environment
- Give us reasonable time to investigate and remediate before public disclosure
Our commitments to you
- Acknowledge receipt within 2 business days
- Provide an initial assessment within 5 business days
- Aim to patch confirmed critical/high vulnerabilities within 14 days
- Keep you informed of progress throughout remediation
- Credit you in our release notes (unless you prefer to remain anonymous)
- Not pursue legal action against researchers acting in good faith
6. Incident Response
If you suspect a security incident within your SIEMate deployment, contact us at admin@siemate.com. We will work with you to understand the scope and assist with remediation guidance.
Because SIEMate is self-hosted, you are responsible for notifying affected individuals and relevant authorities under applicable data breach notification laws (e.g., GDPR Article 33, CCPA).
7. Questions
For security questions not covered here, contact admin@siemate.com.