Security

Security

Effective May 9, 2026

Security is part of how we build. This page covers how we approach security on redanthos.com and how to reach us responsibly if you find an issue. Each of our products — TrouperList and Race Flow — has its own security posture, documented on its own site.

How we operate this site

  • Static hosting. redanthos.com is a static site served by Cloudflare Pages. There is no application server, database, or user account system on this domain.
  • HTTPS everywhere. All traffic is served over TLS with HTTP automatically redirected to HTTPS.
  • Edge protections. We rely on Cloudflare’s edge for DDoS mitigation, WAF, and bot management.
  • Minimal data. We don’t collect personal information through this site beyond what’s described in our Privacy Policy.

Reporting a vulnerability

If you believe you’ve found a security issue affecting redanthos.com, please tell us. Email hello@redanthos.com with:

  • A clear description of the issue;
  • Steps to reproduce, including affected URLs;
  • The potential impact, as you understand it;
  • Any proof-of-concept code or screenshots.

We aim to acknowledge reports within five business days and to keep you informed as we investigate and remediate.

Safe harbor

If you make a good-faith effort to comply with this policy when investigating and reporting a vulnerability, we’ll consider your research authorized, won’t pursue legal action against you, and will work with you to understand and resolve the issue.

Good-faith research means: avoid privacy violations, destruction of data, and interruption or degradation of our services; only interact with accounts you own or have explicit permission to test; give us reasonable time to remediate before any public disclosure.

Out of scope

The following are generally out of scope for this site:

  • Findings from automated scanners without a demonstrated impact;
  • Missing best-practice headers without a demonstrated exploit;
  • Denial-of-service attacks or volumetric testing;
  • Social engineering of Red Anthos Development staff or contractors;
  • Issues in third-party services we don’t control (report those to the vendor).

Bug bounty

We don’t currently run a paid bug bounty. We’re a small shop and, where appropriate, we’re happy to publicly credit researchers who report valid issues.

Contact

Security questions or reports: hello@redanthos.com.