# RFC 9116 — security.txt
# https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@auditlink.io
Contact: https://auditlink.io/security-trust

Expires: 2027-05-09T00:00:00.000Z

Preferred-Languages: en

Canonical: https://auditlink.io/.well-known/security.txt
Canonical: https://auditlink.app/.well-known/security.txt

Policy: https://auditlink.io/security-trust

# If you believe you have discovered a security vulnerability in any AuditLink
# system (the marketing site at auditlink.io, the application at auditlink.app,
# or our public APIs), please report it to the contact above.
#
# We commit to:
#   - Acknowledging your report within 2 business days.
#   - Investigating and providing a meaningful update within 10 business days.
#   - Crediting the reporter (with permission) once a fix has shipped.
#
# Please do NOT:
#   - Run automated scans that affect production availability.
#   - Access, modify, or delete data that is not your own.
#   - Publicly disclose details before we have remediated.
#
# Out of scope:
#   - Reports based solely on email/SPF/DMARC configuration of marketing
#     domains (we monitor these separately).
#   - Findings that require physical access to a victim's device.
#   - Social-engineering attempts targeting employees.
#
# Thank you for helping keep AuditLink and its customers safe.