Security

Last updated: April 2026

Entity: Lamina, operated by Vokab Technologies Pvt. Ltd. and/or its affiliates

Reporting a Vulnerability

If you believe you have discovered a security vulnerability in Lamina, please report it to us at lamina@getmason.io.

Please include the following in your report:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • The affected URL or component
  • Your assessment of the potential impact

We will acknowledge your report within 3 business days and aim to provide a resolution timeline within 10 business days.

Scope

The following types of issues are considered in scope for our vulnerability disclosure programme:

  • Authentication or authorization bypasses
  • Data exposure or leaks
  • Cross-site scripting (XSS), SQL injection, or other injection attacks
  • Server-side request forgery (SSRF)
  • Insecure direct object references
  • Any vulnerability that compromises user data or system integrity

Out of Scope

The following are not considered security vulnerabilities under this policy:

  • Denial of service (DoS/DDoS) attacks
  • Social engineering or phishing
  • Physical security issues
  • Issues in third-party services we integrate with (report those to the respective provider)
  • Spam or rate limiting issues

Safe Harbor

We support responsible disclosure. If you report a vulnerability in good faith and follow this policy, we will not pursue legal action against you. We ask that you:

  • Do not access or modify other users' data
  • Do not perform actions that could harm the service or its users
  • Do not publicly disclose the vulnerability before we've had a chance to address it
  • Provide sufficient detail for us to reproduce and fix the issue

Our Security Practices

  • All data encrypted in transit (HTTPS/TLS) and at rest
  • Authentication via Google and GitHub OAuth (Supabase Auth)
  • Integration credentials encrypted using AES-256 symmetric encryption
  • LLM API providers (OpenAI, Anthropic, Google) do not use API data for model training
  • Regular monitoring of application logs and infrastructure

Contact

For security issues, contact us at lamina@getmason.io.

See also: Sub-Processors | Privacy Policy | Terms of Service