| Version | Supported |
|---|---|
| latest | Yes |
If you discover a security vulnerability in QuantPath, please report it responsibly:
- Do NOT open a public GitHub issue.
- Email security concerns to the maintainers via a private GitHub Security Advisory: https://github.com/MasterAgentAI/QuantPath/security/advisories/new
- Include a description of the vulnerability and steps to reproduce.
- We will acknowledge receipt within 48 hours and provide a timeline for a fix.
This policy covers:
- The QuantPath CLI and web application code
- Data processing pipelines (scraping, parsing, training)
- The Streamlit web dashboard
This policy does NOT cover:
- Third-party services (GradCafe, QuantNet, LinkedIn)
- User-provided profile YAML files
- The Anthropic API integration (report to Anthropic directly)
QuantPath processes user-provided academic profiles locally. No personal data is transmitted to external services unless the user explicitly runs the AI advisor tool (which sends profile data to the Anthropic API).
Admission data in this repository has been aggregated from public sources and does not contain personally identifiable information (PII).