Security
Agentic Learning Studio is an early free beta, so our security practices are evolving. This page describes, in general terms, what is in place today. If you find a security issue, please email findkailash@gmail.com (or use Report issue / complaint).
What's in place today
- Encrypted in transit — the app is served over HTTPS.
- Standard security headers are applied to responses.
- Restricted API access — the API only accepts requests from our own site.
- Sign-in via an authentication provider — we never see your password.
- Server-mediated data access — your data is reached through our server, not directly from the browser.
- Rate limits on requests to reduce abuse.
- Caps on uploads and repository imports — bounded file counts, sizes, and time.
- Generated lessons run in a sandboxed iframe, separated from the main app.
- Uploaded content is processed on our server to ground your lesson, and is not stored as files.
- No third-party advertising or analytics trackers.
An honest limitation
A strict Content-Security-Policy is intentionally off today, because generated lessons include inline scripts and styles that a strict policy would break. A stricter, nonce-based policy is planned.
If we become aware of a security incident, we act to contain it and will notify affected users and the relevant authorities where the law requires.
Agentic Learning Studio