Security Posture & Disclosure

1. Defense Philosophy

Intarmour treats security not as a compliance checklist, but as a continuous state of readiness. We apply the same rigor to our own infrastructure as we do to our High-Net-Worth and Critical Infrastructure clients.

2. Secure Communication (PGP)

For sensitive inquiries, whistleblower reports, or high-value asset discussions, we strongly recommend the use of PGP encryption.

Intarmour Public Key:

• Fingerprint: C6B5 A606 8640 2967 EBDC 4F1B 4BAE E763 17F7 D489
• Email: security@intarmour.com
• Expiration: 2051-01-06
• Key Download: Download Public Key (.asc)

To verify the integrity of our communications, always cross-reference the fingerprint above.

3. Vulnerability Disclosure Policy (VDP)

We value the contribution of the security research community. If you identify a vulnerability in our public-facing infrastructure, we encourage responsible disclosure.

Protocol:

1. Encrypt your findings using our PGP key.
2. Send the report to security@intarmour.com.
3. Safe Harbor: We will not pursue legal action against researchers who discover and report security vulnerabilities in good faith and in accordance with this policy.

4. Infrastructure Hardening

Our digital presence is fortified through:

• Data Sovereignty: Self-hosted analytics (Matomo) to prevent third-party leakage.
• Header Security: Strict implementation of HSTS, CSP, and X-Frame-Options.
• Minimal Surface Area: Reduced attack surface through code minimization and static generation architecture.