SECURITY.md

Short version: WLJS Notebook runs locally and does not collect or transmit your data unless you explicitly choose a feature that needs the network.

• We donot collect analytics or telemetry.
• We donot upload your notebooks, code, or data to our servers.
• We donot send automatic crash reports.

WLJS Notebook is offline-first. Network access occursonly when you initiate features that require it, for example:

• Opening links or remote assets you add to a notebook.
• Using packages, examples, or resources hosted online that you choose to load.
• Checking for or downloading releases from GitHub (if you click to do so).
• Opening published notebooks via thewljs-message:// URL scheme (if you click such links).

WLJS Notebook uses theWolfram Engine to execute Wolfram Language code. The Wolfram Engine is developed by Wolfram Research, Inc. andmay contact Wolfram servers for actions such as:

• Product activation and license validation (including entitlement checks).
• Downloading documentation, paclets, or other resources you request.
• Any other network activity covered by Wolfram’s own terms.

Those behaviors are governed by Wolfram’s licenses and policies, not ours. Please review:

• Wolfram Engine license and terms:https://www.wolfram.com/legal/terms/wolfram-engine.html

• Your notebooks and settings are stored on your device or on the storage locations you choose.
• Any logs created by WLJS Notebook are written locally. You control if/when you share them for support.

• Keep WLJS Notebook fully offline by avoiding network-requiring features.
• Use the Wolfram Engine in an offline-licensed mode where permissible by Wolfram’s terms.
• Review and restrict your operating system’s network permissions and firewall rules.

If you notice unexpected network activity or have privacy questions, please contact us via
GitHub Discussions:https://github.com/JerryI/wolfram-js-frontend/discussions

There aren’t any published security advisories