Security practices

Epistola is open source. All changes are reviewed via pull requests and undergo automated linting, tests, and dependency scanning before release.

When you run Epistola yourself, you control the infrastructure, networking, and access policies. We recommend isolating render nodes, enabling TLS everywhere, and monitoring outputs for unauthorized changes.

Managed environments are deployed in dedicated namespaces with network policies, encrypted storage, and 24/7 monitoring. We support EU-region hosting on request.

Report vulnerabilities privately to security@epistola.app. We’ll acknowledge receipt within two business days and coordinate remediation steps.