Interamnia takes the security of our platform and the privacy of practitioner and client data seriously. This page describes how to report a vulnerability and what to expect when you do.
Reporting a vulnerability
If you believe you have found a security vulnerability in Interamnia, please report it to us directly rather than disclosing it publicly.
Email security@interamnia.io with a description of the issue, steps to reproduce, and any supporting material.
We will acknowledge your report within 3 business days and aim to provide a resolution timeline within 10 business days, depending on severity.
What we ask of you
- Give us reasonable time to investigate and remediate before public disclosure
- Do not access, modify, or exfiltrate data belonging to other users
- Do not perform denial-of-service testing or automated scanning against production systems
- Act in good faith — we will do the same
Scope
The following are in scope for responsible disclosure:
- interamnia.io and all subdomains
- The Interamnia web application and API
- OAuth integrations (including the Canva integration)
The following are out of scope: third-party services we rely on (Fly.io, Stripe, Resend, Canva), social engineering, and physical security.
Our commitments
- We will not take legal action against researchers acting in good faith
- We will acknowledge your contribution if you wish to be credited
- We will notify affected users if a breach of their data occurs, in accordance with applicable law
Security practices
Interamnia is built with security as a core concern. Our practices include:
- OWASP Top 10 review applied to application development
- Encryption at rest and in transit for all customer data
- OAuth tokens revoked and personal data deleted within 30 days of disconnection
- Managed infrastructure on Fly.io with PostgreSQL for data storage
- Supply chain hygiene including dependency auditing
Questions? security@interamnia.io