Security — Kalamy

Kalamy takes the security of our users' data seriously. This page describes how to report vulnerabilities and how to get in touch with our security team.

1. Reporting a vulnerability

If you believe you have found a security issue affecting Kalamy, please email [email protected] with:

A clear description of the issue and its impact
The exact endpoint, request, or component affected
Steps to reproduce, including any required tools or payloads
Optional: suggested remediation

We aim to acknowledge new reports within 5 business days and will keep you informed as we triage and resolve the issue.

2. Bug bounty program

Kalamy is an independent project without external funding. We do not currently operate a paid bug bounty program. We deeply appreciate responsible disclosures and are happy to credit researchers on this page upon request.

3. Acknowledgments

We thank the following researchers for responsibly disclosing security issues to Kalamy:

External researcher — April 2026

If you reported an issue and would like to be named here, email [email protected].

4. Contact

Security reports: [email protected]

General: [email protected]

security.txt: /.well-known/security.txt