# SoundAssist security disclosure
#
# RFC 9116 (security.txt). Tells security researchers where + how
# to contact us about vulnerabilities they find. Renew before Expires
# fires (1 year from publication) - calendar reminder is on Andre.

Contact: mailto:info@soundassist.online
Expires: 2027-05-25T00:00:00.000Z
Preferred-Languages: en, nl
Canonical: https://app.soundassist.online/.well-known/security.txt

# Policy:
# - We acknowledge reports within 5 business days.
# - We aim to triage + patch high-severity issues within 14 days.
# - We will publicly credit you in the changelog if you wish.
# - We don't run a paid bug-bounty program yet. We do send swag /
#   handwritten thanks for quality reports.
# - Out of scope: social-engineering of staff, physical attacks,
#   DOS testing, and vulnerabilities in third parties we don't run
#   (Resend, Stripe, Supabase, Cloudflare, Vercel - report those
#   directly to the vendors).