At Soul, security is an important part of how we design and operate the platform. Because Soul deals with compilers, generated binaries, and filesystem-related tools, we apply technical and organizational measures intended to protect users, source code, generated outputs, and platform infrastructure.
Our compilation infrastructure is designed to reduce risk through isolation, restricted execution environments, and controlled access to platform resources.
Where possible, we use infrastructure and service providers located within the European Economic Area or subject to appropriate data protection safeguards.
Specific hosting locations, providers, or infrastructure arrangements may change over time as the platform evolves.
Connections to the Soul website and platform are protected using HTTPS/TLS where applicable.
User passwords are stored using secure password hashing mechanisms. We do not store plain-text passwords.
Users are responsible for keeping their credentials secure and for avoiding the inclusion of private keys, passwords, tokens, production secrets, or other sensitive credentials in source code submitted for compilation.
Source code submitted to the compiler is processed for the purpose of generating binaries and providing compiler diagnostics.
We do not claim ownership of your source code, and we do not use your private source code to train artificial intelligence models, resell it, or publish it.
Build artifacts, compiler logs, generated binaries, and related metadata may be temporarily retained where necessary to provide the service, troubleshoot issues, verify licenses, prevent abuse, or maintain platform security.
Generated binaries are produced by the Soul compiler according to the submitted source code, selected build options, and applicable license configuration.
We recommend that users test generated binaries in safe environments before production deployment and verify file hashes or checksums where operationally appropriate.
Soul-generated binaries are not intended to include advertising trackers. Any telemetry, diagnostics, or update-related functionality, if introduced in the future, will be documented where applicable.
Because Soul-generated tools may perform filesystem and infrastructure operations, users are responsible for reviewing, testing, and validating their code and generated binaries before using them with real data or production systems.
We welcome responsible reports from security researchers and users who discover potential vulnerabilities in the Soul website, platform, compiler, or generated binaries.
Please report security issues to security@soul-run.com. If that address is not yet active, please use info@soul-run.com.
When reporting a vulnerability, please include enough technical detail to help us understand and reproduce the issue, while avoiding unnecessary access to other users' data or systems.
We ask security researchers to act responsibly and avoid actions that could harm users, compromise data, disrupt service availability, bypass authentication, or access information that does not belong to them.
Testing should be limited to your own accounts, your own code, and systems you are authorized to assess.
We appreciate coordinated disclosure and ask that you give us a reasonable opportunity to investigate and address valid reports before public disclosure.
While we take security seriously and apply safeguards appropriate to the nature of the platform, no online service, compiler, or software system can be guaranteed to be completely secure or free from vulnerabilities.
This page is provided for transparency and does not create a warranty, service level agreement, or guarantee of uninterrupted, error-free, or vulnerability-free operation.
For security-related questions or vulnerability reports, contact us at security@soul-run.com or info@soul-run.com.