Contact: mailto:roger@planyourpassing.org
Expires: 2027-12-31T23:59:59.000Z
Acknowledgments: https://planyourpassing.org/security
Preferred-Languages: en
Canonical: https://planyourpassing.org/.well-known/security.txt
Policy: https://planyourpassing.org/security

# Plan Your Passing security disclosure policy
#
# If you've found a vulnerability, please email roger@planyourpassing.org
# with reproduction steps. We commit to:
#   - Acknowledge receipt within 48 hours
#   - Provide a timeline for remediation within 7 days
#   - Credit reporters publicly on /security (with permission)
#   - Never pursue legal action against good-faith researchers
#
# Out of scope:
#   - Stripe-hosted checkout (report to security@stripe.com)
#   - Vercel platform (report to security@vercel.com)
#   - Resend transactional email (report to security@resend.com)