Arrow AI

Security overview.

Arrow AI keeps the public website simple and static where possible, protects private areas from indexing, and uses browser security headers on Vercel.

Public website controls

• Private areas such as admin, private room, and private audit spaces are marked noindex.
• Security headers reduce content sniffing, unnecessary browser permissions, and risky referrer leakage.
• Analytics loads only after consent.

Responsible disclosure

If you find a vulnerability, email noahmaman@arrow-ai.is with steps to reproduce, impact, affected URL, and a safe proof of concept.

Security file

The machine-readable security contact is available at /.well-known/security.txt.

Last updated: June 29, 2026.