Contact

Three public channels by reason. We use GitHub for support and security incidents (no email, no tracked forms). For personal data, the legal controller is IDK Manager.

General / support

Open a GitHub issue →

Usage questions, suggestions, non-commercial partnerships, press. Public reply on the repo.

Personal data (LOPDP)

Contact IDK Manager →

ARCO+ rights, LOPDP exercise, regulatory inquiries. Data controller is IDK Manager. We answer within 15 business days.

Security (responsible disclosure)

Report a private advisory →

Vulnerability reports via GitHub Security Advisories (private, encrypted in transit). RFC 9116 policy at /.well-known/security.txt. We answer in 48 h.

Responsible disclosure policy

For security reports we use GitHub Security Advisories: private by default, encrypted in transit, auditable, and supports coordinated embargo and disclosure with the reporter. We do not maintain a PGP key.

Full policy: /.well-known/security.txt (RFC 9116)
Private report: github.com/idkmanager/firmar-ec/security/advisories/new

Issues and pull requests

For code issues, open an issue or PR on GitHub:

For IDK Manager internal use, primary repository at git.idkmanager.com/alfonso/firmar-ec.