# Planckchron Inc. Security Disclosure Policy
# https://securitytxt.org/

Contact: mailto:security@planckchron.com
Contact: tel:+1-424-799-0460
Contact: https://planckchron.com/security/report

# Canonical location of this file
Canonical: https://planckchron.com/.well-known/security.txt

# Language preferences for security reports
Preferred-Languages: en

# Policy expiration date
Expires: 2026-12-31T23:59:59.000Z

# Our security policy page
Policy: https://planckchron.com/security-policy

# We're hiring security professionals
Hiring: https://planckchron.com/careers

# Hall of Fame for security researchers
Acknowledgments: https://planckchron.com/security/acknowledgments

# PGP Key for encrypted communications
# Encryption: https://planckchron.com/.well-known/pgp-key.txt

# CSAF (Common Security Advisory Framework) provider
# CSAF: https://planckchron.com/.well-known/csaf/provider-metadata.json

# Response commitment
# We acknowledge security reports within 24 hours
# We provide status updates within 48 hours
# We aim to resolve critical issues within 72 hours

# Scope
# This security.txt applies to all *.planckchron.com domains
# including but not limited to:
# - planckchron.com (main website)
# - api.planckchron.com (API endpoints)
# - app.planckchron.com (web applications)
# - cloud.planckchron.com (cloud services)

# Out of Scope
# - Third-party services and integrations
# - Social media accounts
# - Physical security issues

# Rewards
# We offer recognition in our security acknowledgments page
# For exceptional findings, we may offer additional rewards

# Safe Harbor
# We will not pursue legal action against security researchers
# who act in good faith and comply with our responsible disclosure policy