Security Policy

First of all: if you're reading this, I'd like to thank you 🙏 for your interest in submitting a security report regarding any aspects of my mini-hosting service for non-profits and poor organisations!

I'm not really fussy in the way you contact me — the best way is simply to email me at (or optionally, if the first bounces emails), or, naturally enough, on any of the emails listed on the security.txt file.

I would just ask you to send the email encrypted with OpenPGP, using my key, which can be retrieved from several public sources with the fingerprint CE8A6006B611850F127572BAD93EAA3DC4B3E1CB.

For encrypted instant messaging, I'm fond of using Keybase. You can check the ownership of this site you're viewing right now by retrieving their signed claim on the usual location:

Again: thank you very much for the time you spent discovering those security flaws and reaching me with your report. It's duly appreciated, and I will do my best to fix everything accordingly!

Cheers 🙂👋