# Our security policy
# Please report security vulnerabilities responsibly

Contact: mailto:freesplitz01@gmail.com
Preferred-Languages: en
Canonical: https://freesplitz.duckdns.org/.well-known/security.txt
Policy: https://freesplitz.duckdns.org/security-policy.html
Acknowledgments: https://freesplitz.duckdns.org/security-acknowledgments.html
Expires: 2026-12-31T23:59:59.000Z

# Encryption
# If you have security-sensitive information to share, please use our PGP key
# Encryption: https://freesplitz.duckdns.org/pgp-key.txt

# Scope
# This security.txt file applies to:
# - https://freesplitz.duckdns.org
# - All subdomains of freesplitz.duckdns.org
# - FreeSplitz web application and API endpoints

# Reporting
# When reporting vulnerabilities, please include:
# - Detailed description of the vulnerability
# - Steps to reproduce the issue
# - Potential impact assessment
# - Any proof-of-concept code or screenshots
# - Your contact information for follow-up

# Response
# We aim to respond to security reports within 48 hours
# We will keep you updated on the progress of the fix

# Safe Harbor
# We support responsible disclosure of security vulnerabilities
# We will not pursue legal action against security researchers
# who discover and report vulnerabilities in good faith

# Out of Scope
# The following are out of scope:
# - Social engineering attacks
# - Denial of Service (DoS/DDoS) attacks
# - Physical attacks
# - Attacks requiring physical access to user devices