Arrow AI
Security overview.
Arrow AI keeps the public website simple and static where possible, protects private areas from indexing, and uses browser security headers on Vercel.
Public website controls
- Private areas such as admin, private room, and private audit spaces are marked noindex.
- Security headers reduce content sniffing, unnecessary browser permissions, and risky referrer leakage.
- Analytics loads only after consent.
Responsible disclosure
If you find a vulnerability, email noahmaman@arrow-ai.is with steps to reproduce, impact, affected URL, and a safe proof of concept.
Security file
The machine-readable security contact is available at /.well-known/security.txt.
Last updated: June 29, 2026.