# Security disclosure policy for ReVisualize Studio
# Conforms to RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)
# https://revisualizestudio.com/.well-known/security.txt

Contact: mailto:revisualizestudio@gmail.com
Expires: 2027-05-30T23:59:59.000Z
Preferred-Languages: en
Canonical: https://revisualizestudio.com/.well-known/security.txt
Policy: https://revisualizestudio.com/editorial-policy

# Scope: revisualizestudio.com and *.revisualizestudio.com.
# Please email the address above with a clear reproduction, impact assessment,
# and any proof-of-concept. We acknowledge reports within 48 hours and aim to
# remediate confirmed vulnerabilities within 30 days. Please do not publicly
# disclose until we have had a chance to respond.
#
# Do not run automated scanners against /app or any authenticated endpoint
# without prior coordination — those routes are noindexed and are not part of
# the public attack surface we ask researchers to test.