# QuickPly — security disclosure policy
# https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@quickply.com
Expires: 2027-05-10T00:00:00.000Z
Encryption: https://quickply.com/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://quickply.com/.well-known/security.txt
Policy: https://quickply.com/security
Acknowledgments: https://quickply.com/security#hall-of-thanks

# Scope
# - app.quickply.com   (production dashboard + API)
# - quickply.com       (marketing)
# - api.quickply.com   (public Bearer-auth API at /api/v1/*)
#
# Out of scope: third-party services we depend on (report directly to them
# at supabase.com/security, vercel.com/security, etc.)
#
# Please don't run scans that affect availability for other customers.
# We respond to good-faith reports within one business day.