Responsible disclosure

Security matters here.

If you believe you have found a security issue involving Trophonios, please report it privately and provide enough detail to reproduce it.

How to report an issue

Email security@trophonios.com with the affected hostname or URL, a clear description, reproduction steps, and the likely impact. Avoid including secrets or personal data unless they are essential to the report.

The machine-readable disclosure record is available at /.well-known/security.txt.

Good-faith guidelines

Scope and expectations

Only systems under the trophonios.com domain are in scope. Third-party services, upstream software, and availability-only findings are outside this policy. This is a small, privately operated environment, so no bug bounty or monetary reward is offered.