# RPTX Software — Security disclosure policy
# RFC 9116 — https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@rptxsoftware.com
Contact: https://rptxsoftware.com/trust.html#vulnerability-disclosure
Expires: 2027-01-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://rptxsoftware.com/.well-known/security.txt
Policy: https://rptxsoftware.com/trust.html#vulnerability-disclosure
Acknowledgments: https://rptxsoftware.com/trust.html#hall-of-fame

# If you have found a security issue in any product operated by RPTX LLC
# (including askfolder.com), please email security@rptxsoftware.com with a
# clear reproduction and proof of concept. We will acknowledge within one
# business day, agree a coordinated disclosure timeline, and credit you
# publicly if you wish.
#
# In scope:
#   - rptxsoftware.com and subdomains
#   - askfolder.com and subdomains
#   - RPTX-authored client libraries and CLI tools
#
# Out of scope:
#   - Third-party services listed at https://rptxsoftware.com/subprocessors.html
#   - Denial of service, social engineering, physical attacks
#   - Automated scanner output without proof of exploitability