# RISKOPILOT — Responsible Disclosure
# https://riskopilot.com/.well-known/security.txt

Contact: mailto:security@riskopilot.com
Contact: mailto:contact@riskopilot.com
Expires: 2027-01-01T00:00:00.000Z
Preferred-Languages: en, fr
Canonical: https://riskopilot.com/.well-known/security.txt
Policy: https://riskopilot.com/privacy
Acknowledgments: https://riskopilot.com/about

# We welcome responsible disclosure of security vulnerabilities.
# Please email security@riskopilot.com with:
#   - A clear description of the issue and reproduction steps
#   - Affected URL(s) or component(s)
#   - Your contact details for follow-up
#
# We commit to:
#   - Acknowledge receipt within 2 business days
#   - Provide a remediation timeline within 7 business days
#   - Credit you publicly (with your consent) once the fix ships
#
# Please do NOT:
#   - Run automated scanners against production without prior approval
#   - Access, modify, or exfiltrate other users' data
#   - Publicly disclose the issue before we have remediated it