# SafePrompt Security Disclosure Policy
# RFC 9116 - https://securitytxt.org/

Contact: mailto:security@safeprompt.dev
Contact: https://safeprompt.dev/contact?subject=security
Expires: 2026-10-21T00:00:00.000Z
Preferred-Languages: en
Canonical: https://safeprompt.dev/.well-known/security.txt

# PGP Key (optional - for encrypted communications)
# Encryption: https://safeprompt.dev/.well-known/pgp-key.txt

Policy: https://safeprompt.dev/security-policy

# Scope
# This security.txt applies to:
# - https://safeprompt.dev (website)
# - https://dashboard.safeprompt.dev (dashboard)
# - https://api.safeprompt.dev (API)
# - All SafePrompt subdomains

Acknowledgments: https://safeprompt.dev/security-acknowledgments

# Vulnerability Disclosure Program
# We take security seriously and appreciate responsible disclosure.
#
# Please include in your report:
# - Description of the vulnerability
# - Steps to reproduce
# - Potential impact
# - Suggested remediation (if applicable)
#
# We commit to:
# - Acknowledge receipt within 48 hours
# - Provide initial assessment within 5 business days
# - Keep you informed of remediation progress
# - Credit you in our security acknowledgments (if desired)
#
# Please do NOT:
# - Access or modify data that doesn't belong to you
# - Perform denial of service attacks
# - Test in production without permission
# - Use automated scanners without prior approval
#
# Safe Harbor: We will not pursue legal action against researchers
# who discover and report vulnerabilities in good faith.