// Trust & Security Report
MLflow Project (a Series of LF Projects, LLC / Linux Foundation)
Open-source, self-hosted AI/ML engineering platform (Apache 2.0): experiment tracking, LLM/agent tracing & observability, evaluation, prompt management, model registry, and an AI Gateway. Originally created by Databricks, donated to the Linux Foundation in 2020. No MLflow-operated hosted SaaS product exists for the core open-source project; third parties (e.g. Databricks, Nebius) separately sell managed-hosting offerings built on top of it.
Certifications held
0
Maturity
Unknown
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: mlflow.orgNo public evidence. mlflow.org has no trust center, security page, or compliance page; the project's GitHub security policy covers only vulnerability disclosure and does not mention SOC 2.
source: mlflow.orgNo public evidence of an ISO 27001 certification for the MLflow project.
source: mlflow.orgNo public evidence of an AI-governance certification.
source: lfprojects.orgNo MLflow-specific GDPR posture page. The only located privacy document, LF Projects' general privacy policy, covers website/cookie data collection on lfprojects.org and Linux Foundation project sites, not processing of user model/experiment data by the self-hosted software: "describes policies and procedures about the collection, use, disclosure and sharing of personal information when you use their websites... and participate in or use their Project sites."
source: mlflow.orgNo public evidence of a HIPAA compliance statement or BAA offering; no MLflow-operated hosted service exists to sign a BAA for.
source: mlflow.orgNo public evidence. Not applicable to a self-hosted OSS tracking/observability tool with no payment processing.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
User-controlled; self-hosted deployment means data residency is determined entirely by where the customer runs their own MLflow server/infrastructure. No MLflow-operated data centers exist for the core open-source product.
MLflow is self-hosted infrastructure software, not a hosted AI/ML service: users run MLflow on their own servers/cloud accounts, and their experiment data, traces, prompts, and models never transit an MLflow-operated backend. There is no MLflow entity that could train on customer data because there is no MLflow-run product tier that ingests it. This differs from third-party managed offerings (e.g. Databricks Managed MLflow) which are separate vendor products with their own data-handling terms not covered by this assessment.
// Security controls
Encryption in transit / at rest
Not applicable at the vendor level; self-hosted deployment means encryption is configured and controlled entirely by the customer's own infrastructure (e.g. TLS termination, storage encryption on their chosen backend).
mlflow.orgVulnerability disclosure
Managed via GitHub's coordinated/private vulnerability reporting process on the mlflow/mlflow repository; the project explicitly does not accept reports via bug-bounty platforms like Huntr.
github.comProject governance
Hosted under the Linux Foundation as "MLflow Project, a Series of LF Projects, LLC" - a vendor-neutral open governance model, Apache 2.0 licensed.
mlflow.orgKnown CVE history
MLflow has had publicly disclosed CVEs in the past (e.g. hard-coded default credentials, auth bypass, path traversal in artifact handling) that were patched via the standard OSS release process; this is normal for widely-used self-hosted OSS and is not a certification gap, but customers self-hosting MLflow are responsible for patching and hardening their own deployment.
github.com// Products & data scope
data: Fully self-hosted; customer controls all infrastructure, storage, and data. No data sent to an MLflow-operated backend.
Free, Apache 2.0 licensed. This is the product AIFOXX should list under the 'mlflow' slug.
data: Customer data processed within Databricks' hosted platform, subject to Databricks' own compliance program (not MLflow project's).
Separate commercial vendor (Databricks, Inc.). Any SOC2/ISO27001/HIPAA certifications for this offering belong to Databricks and must NOT be attributed to the MLflow open-source project.
data: Customer data processed within Nebius' cloud, subject to Nebius' own terms/compliance program.
Separate commercial vendor (Nebius). Same host-vs-vendor caveat as Databricks Managed MLflow.
// What to watch
- MLflow is an open-source, self-hosted project (Apache 2.0, governed by LF Projects, LLC / Linux Foundation), not a commercial SaaS vendor. There is no trust center, SOC2/ISO/HIPAA certification, or DPA for the core open-source software because there is no MLflow-operated service that processes customer data.
- Host-vs-vendor risk: managed/hosted MLflow offerings exist from third parties (notably Databricks Managed MLflow, and Nebius). Any compliance certifications those hosts hold belong to the HOST, not to the MLflow project - AIFOXX must not display Databricks' or Nebius' SOC2/ISO badges on a generic 'MLflow' listing.
- The only privacy document found (LF Projects' privacy policy) governs website/cookie data on lfprojects.org and Linux Foundation project sites in general, not the software's handling of user experiment/model data - it should not be read as a data-processing privacy policy for the MLflow product itself.
- The maturity taxonomy (enterprise/growth/startup) is a poor fit for a widely-adopted (30M+ downloads/month, Linux Foundation-governed) open-source project with no commercial vendor entity; graded 'unknown' rather than forced into a SaaS-vendor category.
// At a glance
Pricing model
Free and open source (Apache 2.0) for the core self-hosted project; paid managed-hosting alternatives are sold separately by third parties (Databricks, Nebius, and others)
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on MLflow Project (a Series of LF Projects, LLC / Linux Foundation)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
lfprojects.org