From 41114f1c25a47b309b193835ebca47a42340e5f9 Mon Sep 17 00:00:00 2001 From: Krrish Dholakia Date: Mon, 2 Sep 2024 07:41:24 -0700 Subject: [PATCH] docs(security.md): Adds security.md file to project root Closes https://github.com/BerriAI/litellm/issues/5473 --- security.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 security.md diff --git a/security.md b/security.md new file mode 100644 index 000000000..35ec04919 --- /dev/null +++ b/security.md 
@@ -0,0 +1,47 @@ +# Data Privacy and Security + +## Security Measures + +### LiteLLM Github + +- All commits run through Github's CodeQL checking + +### Self-hosted Instances LiteLLM + +- **No data or telemetry is stored on LiteLLM Servers when you self host** +- For installation and configuration, see: [Self-hosting guided](https://docs.litellm.ai/docs/proxy/deploy) +- **Telemetry** We run no telemetry when you self host LiteLLM + +### LiteLLM Cloud + +- We encrypt all data stored using your `LITELLM_MASTER_KEY` and in transit using TLS. +- Our database and application run on GCP, AWS infrastructure, partly managed by NeonDB. + - US data region: Northern California (AWS/GCP `us-west-1`) & Virginia (AWS `us-east-1`) + - EU data region Germany/Frankfurt (AWS/GCP `eu-central-1`) +- All users have access to SSO (Single Sign-On) through OAuth 2.0 with Google, Okta, Microsoft, KeyCloak. +- Audit Logs with retention policy +- Control Allowed IP Addresses that can access your Cloud LiteLLM Instance + +For security inquiries, please contact us at support@berri.ai + + +For security inquiries, please contact us at support@berri.ai + +#### Supported data regions for LiteLLM Cloud + +LiteLLM supports the following data regions: + +- US, Northern California (AWS/GCP `us-west-1`) +- Europe, Frankfurt, Germany (AWS/GCP `eu-central-1`) + +All data, user accounts, and infrastructure are completely separated between these two regions + +### Security Vulnerability Reporting Guidelines + +We value the security community's role in protecting our systems and users. To report a security vulnerability: + +- Email support@berri.ai with details +- Include steps to reproduce the issue +- Provide any relevant additional information + +We'll review all reports promptly. Note that we don't currently offer a bug bounty program.
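Review bot: The two region lists in the new security.md disagree. Under "LiteLLM Cloud" the US data region is given as Northern California (`us-west-1`) and Virginia (AWS `us-east-1`), but "Supported data regions for LiteLLM Cloud" lists only `us-west-1` and `eu-central-1` and then states that everything is separated "between these two regions". Customers use this file to answer data-residency questions, so either add Virginia to the second list and reword the separation statement, or drop it from the first list, and ideally keep one list rather than two. In the same hunk, the line "For security inquiries, please contact us at support@berri.ai" is added twice in a row, so one copy should go. The link text "Self-hosting guided" reads like a typo for "Self-hosting guide". The bullet "We encrypt all data stored using your `LITELLM_MASTER_KEY`" could be read as either "data stored with the key" or "encrypted with the key", so state explicitly what the key encrypts.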