// Trust & Security Report

    MLflow Project (a Series of LF Projects, LLC / Linux Foundation) logo

    MLflow Project (a Series of LF Projects, LLC / Linux Foundation)

    Open-source, self-hosted AI/ML engineering platform (Apache 2.0): experiment tracking, LLM/agent tracing & observability, evaluation, prompt management, model registry, and an AI Gateway. Originally created by Databricks, donated to the Linux Foundation in 2020. No MLflow-operated hosted SaaS product exists for the core open-source project; third parties (e.g. Databricks, Nebius) separately sell managed-hosting offerings built on top of it.

    Certifications held

    0

    Maturity

    Unknown

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 9 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. mlflow.org has no trust center, security page, or compliance page; the project's GitHub security policy covers only vulnerability disclosure and does not mention SOC 2.

    source: mlflow.org
    ISO 27001
    NOT CONFIRMED

    No public evidence of an ISO 27001 certification for the MLflow project.

    source: mlflow.org
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    No public evidence.

    source: mlflow.org
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    No public evidence of an AI-governance certification.

    source: mlflow.org
    CSA STAR
    NOT CONFIRMED

    No public evidence.

    source: mlflow.org
    GDPR (posture)
    NOT CONFIRMED

    No MLflow-specific GDPR posture page. The only located privacy document, LF Projects' general privacy policy, covers website/cookie data collection on lfprojects.org and Linux Foundation project sites, not processing of user model/experiment data by the self-hosted software: "describes policies and procedures about the collection, use, disclosure and sharing of personal information when you use their websites... and participate in or use their Project sites."

    source: lfprojects.org
    HIPAA
    NOT CONFIRMED

    No public evidence of a HIPAA compliance statement or BAA offering; no MLflow-operated hosted service exists to sign a BAA for.

    source: mlflow.org
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not applicable to a self-hosted OSS tracking/observability tool with no payment processing.

    source: mlflow.org
    FedRAMP
    NOT CONFIRMED

    No public evidence.

    source: mlflow.org

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    User-controlled; self-hosted deployment means data residency is determined entirely by where the customer runs their own MLflow server/infrastructure. No MLflow-operated data centers exist for the core open-source product.

    MLflow is self-hosted infrastructure software, not a hosted AI/ML service: users run MLflow on their own servers/cloud accounts, and their experiment data, traces, prompts, and models never transit an MLflow-operated backend. There is no MLflow entity that could train on customer data because there is no MLflow-run product tier that ingests it. This differs from third-party managed offerings (e.g. Databricks Managed MLflow) which are separate vendor products with their own data-handling terms not covered by this assessment.

    // Security controls

    Encryption in transit / at rest

    Not applicable at the vendor level; self-hosted deployment means encryption is configured and controlled entirely by the customer's own infrastructure (e.g. TLS termination, storage encryption on their chosen backend).

    mlflow.org

    Vulnerability disclosure

    Managed via GitHub's coordinated/private vulnerability reporting process on the mlflow/mlflow repository; the project explicitly does not accept reports via bug-bounty platforms like Huntr.

    github.com

    Project governance

    Hosted under the Linux Foundation as "MLflow Project, a Series of LF Projects, LLC" - a vendor-neutral open governance model, Apache 2.0 licensed.

    mlflow.org

    Known CVE history

    MLflow has had publicly disclosed CVEs in the past (e.g. hard-coded default credentials, auth bypass, path traversal in artifact handling) that were patched via the standard OSS release process; this is normal for widely-used self-hosted OSS and is not a certification gap, but customers self-hosting MLflow are responsible for patching and hardening their own deployment.

    github.com

    // Products & data scope

    MLflow (Open Source Core)Self-hosted ML/LLM/agent tracking, tracing, evaluation, prompt management, and model registry

    data: Fully self-hosted; customer controls all infrastructure, storage, and data. No data sent to an MLflow-operated backend.

    Free, Apache 2.0 licensed. This is the product AIFOXX should list under the 'mlflow' slug.

    Databricks Managed MLflowThird-party managed/hosted version of MLflow

    data: Customer data processed within Databricks' hosted platform, subject to Databricks' own compliance program (not MLflow project's).

    Separate commercial vendor (Databricks, Inc.). Any SOC2/ISO27001/HIPAA certifications for this offering belong to Databricks and must NOT be attributed to the MLflow open-source project.

    Nebius Managed Service for MLflowThird-party managed/hosted version of MLflow

    data: Customer data processed within Nebius' cloud, subject to Nebius' own terms/compliance program.

    Separate commercial vendor (Nebius). Same host-vs-vendor caveat as Databricks Managed MLflow.

    // What to watch

    • MLflow is an open-source, self-hosted project (Apache 2.0, governed by LF Projects, LLC / Linux Foundation), not a commercial SaaS vendor. There is no trust center, SOC2/ISO/HIPAA certification, or DPA for the core open-source software because there is no MLflow-operated service that processes customer data.
    • Host-vs-vendor risk: managed/hosted MLflow offerings exist from third parties (notably Databricks Managed MLflow, and Nebius). Any compliance certifications those hosts hold belong to the HOST, not to the MLflow project - AIFOXX must not display Databricks' or Nebius' SOC2/ISO badges on a generic 'MLflow' listing.
    • The only privacy document found (LF Projects' privacy policy) governs website/cookie data on lfprojects.org and Linux Foundation project sites in general, not the software's handling of user experiment/model data - it should not be read as a data-processing privacy policy for the MLflow product itself.
    • The maturity taxonomy (enterprise/growth/startup) is a poor fit for a widely-adopted (30M+ downloads/month, Linux Foundation-governed) open-source project with no commercial vendor entity; graded 'unknown' rather than forced into a SaaS-vendor category.

    // At a glance

    Pricing model

    Free and open source (Apache 2.0) for the core self-hosted project; paid managed-hosting alternatives are sold separately by third parties (Databricks, Nebius, and others)

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on MLflow Project (a Series of LF Projects, LLC / Linux Foundation)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    lfprojects.org

    > Browse all vendor trust reports