Skip to content

Trust & deployment guide

This guide provides essential information about GlassAlpha's architecture, licensing, security, compliance, and deployment to help organizations evaluate and confidently adopt the tool.

Architecture & design

Built for enterprise reliability

GlassAlpha uses a plugin-based architecture designed for extensibility and reliability:

  • Component Registration: Models, explainers, and metrics register themselves dynamically
  • Configuration-Driven: YAML configuration files control all behavior deterministically
  • Protocol-Based Interfaces: Clean separation of concerns with type-safe interfaces
  • Audit Trail Integration: Every decision and component selection is logged for reproducibility

System flow

User Configuration → Component Selection → Data Processing →
Model Loading → Explanation Generation → Metrics Computation →
PDF Report Generation → Audit Manifest Creation

Key Benefits:

  • Deterministic Outputs: Same configuration = identical results
  • Extensible Framework: Easy to add new model types and explainers
  • Enterprise Ready: Clear separation between OSS and commercial features

Licensing & dependencies

Open source foundation

  • Core License: Apache 2.0 - Full commercial use permitted
  • No GPL Dependencies: Carefully curated stack avoids license contamination
  • Enterprise Compatible: Compatible with corporate licensing requirements

Technology stack confidence

Component License Purpose Enterprise Ready
Python SHAP MIT Explanations ✅ No GPL issues
XGBoost Apache 2.0 Tree models ✅ Compatible family
scikit-learn BSD Baseline models ✅ Academic standard
WeasyPrint BSD PDF generation ✅ Pure Python

Licensing Benefits:

  • Commercial Use: No restrictions on internal or external use
  • Integration Ready: Compatible with proprietary systems
  • Container Friendly: Works in Docker/Kubernetes without conflicts
  • Audit Compliant: Full source transparency for regulatory review

Security & privacy

Security-first design

  • Local Processing: All analysis happens on your infrastructure
  • No Data Transmission: Your data never leaves your environment
  • Privacy by Default: No telemetry collection (opt-in only)
  • Audit Logging: Complete activity tracking without storing sensitive data

Enterprise security features

  • File-Based Storage: No persistent databases required
  • Memory Cleanup: Sensitive data cleared after processing
  • Reproducible Security: All operations are deterministic and auditable
  • Air-Gap Compatible: Full offline operation capability

Security reporting

  • Vulnerability Reports: security@glassalpha.com
  • Response Time: 48-hour acknowledgment target
  • Responsible Disclosure: Coordinated vulnerability handling

Regulatory compliance

Supported frameworks

GlassAlpha addresses key regulatory requirements:

EU GDPR (Article 22)

  • Right to explanation for automated decisions
  • Data protection and consent requirements

US Fair Lending (ECOA/FCRA)

  • Non-discrimination in credit decisions
  • Accuracy and fairness in reporting

EU AI Act (2024)

  • Risk classification and transparency
  • Human oversight and quality management

Compliance features

  • Deterministic Audits: Reproducible results for regulatory verification
  • Complete Lineage: Full audit trails with cryptographic hashes
  • Professional Reports: Publication-quality documentation
  • Fairness Metrics: Demographic parity and equal opportunity analysis

Deployment & production

Deployment options

Local Installation

git clone https://github.com/GlassAlpha/glassalpha
cd glassalpha/packages
pip install -e .

Container Deployment

  • Compatible with Docker and Kubernetes
  • No external dependencies required
  • Works in air-gapped environments

CI/CD Integration

  • Automated builds with locked dependency versions
  • Reproducible installation across environments
  • Git-based version control integration

Production considerations

Performance

  • Memory Efficient: Streaming processing for large datasets
  • Fast Execution: Under 60 seconds for typical audits
  • Scalable: Parallel processing support

Monitoring & Maintenance

  • Version Pinning: Locked dependencies for reproducibility
  • Update Strategy: Clear migration paths between versions
  • Support Model: Community support with enterprise options

Confidence indicators

Why organizations trust GlassAlpha

Open Source Transparency: Full code visibility for security review ✅ Enterprise License Compatibility: No GPL contamination or restrictions ✅ Regulatory Focus: Designed specifically for compliance requirements ✅ Deterministic Behavior: Reproducible results essential for audits ✅ Professional Quality: Production-ready for enterprise deployment ✅ Security-First Design: Local processing, no data transmission ✅ Extensible Architecture: Future-proof for new model types and regulations

Getting started

  1. Install: pip install -e . in the packages directory
  2. First Audit: glassalpha audit --config configs/german_credit_simple.yaml --output audit.pdf
  3. Customize: Modify configuration files for your specific use case
  4. Deploy: Use in production with confidence in licensing and security

For detailed technical information, see the Contributing Guide and Troubleshooting.