Contact: mailto:support@rabbitkey.app
Expires: 2027-05-10T00:00:00.000Z
Preferred-Languages: en
Canonical: https://rabbitkey.app/.well-known/security.txt
Policy: https://rabbitkey.app/support#report-a-security-issue

# RabbitKey Security Disclosure
#
# We welcome responsible security disclosures. If you find a vulnerability:
#
# 1. Email support@rabbitkey.app with details and reproduction steps
# 2. We will acknowledge receipt within 48 hours
# 3. We will work with you on a fix before any public disclosure
# 4. We do not currently offer a bug bounty, but we will publicly credit
#    you (with your permission) in our release notes
#
# Please do not:
# - Publicly disclose the vulnerability before we have had a chance to fix it
# - Test on real user data or systems other than your own
# - Demand payment as a condition of disclosure