Built to be inspectable.
Eastsoft ships protocols, not platforms. The implication is simple: there is nothing for you to install, no telemetry stream, and no remote runtime to compromise. What you can audit is the source — and we make that easy.
Three posture commitments.
Where most companies publish a security page full of certifications, ours is mostly architecture — because the architecture is the answer.
Pure-text protocol
I-Lang is a grammar of symbols already inside every LLM's training data. There is no SDK, no binary, no daemon. Nothing to compromise client-side because there is nothing client-side to begin with.
We do not store your prompts
Eastsoft does not operate a model-inference service. Your prompts go to the LLM provider you chose; we never see them. Our products are spec, not service.
Open by default, MIT licensed
Every Eastsoft repository is public. Every release is signed. Every dependency is pinned. ScanCode runs on each merge — and we don't ship if it isn't green.
Responsible disclosure.
If you find a vulnerability in any Eastsoft repository, the protocol spec, or in our public infrastructure (ilang.ai, research.ilang.ai, etc.) — please tell us before telling the world. We commit to acknowledge within 72 hours.
security.txtPlease do not run automated scans against our public services without coordination. We answer all good-faith reports — even ones outside our scope — and we will say so honestly if a finding is informational rather than exploitable.