Security & Responsible Disclosure

Lampas is a privacy-first reading app with no servers and no data collection. If you have found a security vulnerability, we appreciate your help in disclosing it responsibly.

This page covers Lampas specifically. For the umbrella policy covering all KhassinX apps and infrastructure, see khassinx.com/security.

Reporting

Email: [email protected]
Machine-readable disclosure pointer: /.well-known/security.txt (RFC 9116)

Please include a brief description, reproduction steps, and the impact you observed.

Scope

• lampas.khassinx.com (this website)
• The Lampas iOS / iPadOS / macOS / watchOS app on the Apple App Store

Out of scope

• Third-party services (Apple App Store, Apple iCloud) — please report to Apple directly via security.apple.com
• Volumetric attacks (DDoS, brute force) — not vulnerabilities
• Reports generated solely by automated scanners without reproducible proof of impact

Safe harbor

We will not pursue legal action against researchers acting in good faith — investigating, reporting, and respecting our scope rules, and giving us reasonable time to remediate before public disclosure. For the full safe-harbor terms, response targets, and recognition policy, see the umbrella security policy.

Contact

Security disclosure: [email protected]
General contact: [email protected]