Security

Kompas keeps desktop data local by default and stores provider credentials using the app encryption key configured for your installation.

The public landing site is static, served through Cloudflare Pages, and uses restrictive headers for framing, referrer, permissions, and content types.

Please report security concerns through the contact page until the public repository and formal security policy are published.