# TextCortex Security Policy
# This file follows RFC 9116 standard for security vulnerability disclosure
# https://www.rfc-editor.org/rfc/rfc9116

# Our security email address for reporting vulnerabilities
Contact: mailto:security@textcortex.com

# Our preferred languages for communication (English primary, others supported)
Preferred-Languages: en, de, fr, es, tr

# Link to our security policy
Policy: https://app.textcortex.com/security-policy

# Acknowledgments page for security researchers
Acknowledgments: https://app.textcortex.com/security/acknowledgments

# PGP key for encrypted communications
Encryption: https://app.textcortex.com/pgp-key.txt

# Expiry date for this file (update annually)
# ISO 8601 format: YYYY-MM-DDThh:mm:ssTZD
Expires: 2025-12-31T23:59:59Z

# Canonical URL for this file
Canonical: https://app.textcortex.com/.well-known/security.txt

# Additional Information
# ========================
# We take security seriously at TextCortex. If you discover a security
# vulnerability, please report it to security@textcortex.com
#
# When reporting a vulnerability, please include:
# - A description of the vulnerability
# - Steps to reproduce the issue
# - Potential impact
# - Any suggested remediation
#
# We aim to respond to security reports within 48 hours and will keep
# you informed throughout the resolution process.
#
# Responsible Disclosure:
# We kindly ask that you:
# - Allow us reasonable time to address the issue before public disclosure
# - Avoid accessing or modifying user data without permission
# - Not perform actions that could harm our services or users
#
# We appreciate your efforts in keeping TextCortex secure!