Contact: security@sentriq.io
Contact: https://github.com/eric-garc/sentriq-azure/security/advisories/new
Expires: 2025-12-31T23:59:59.000Z
Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/[PGP_KEY_FINGERPRINT]
Acknowledgments: https://sentriq.io/security/acknowledgments
Preferred-Languages: en
Canonical: https://sentriq.io/.well-known/security.txt
Policy: https://sentriq.io/security/policy

# SentrIQ Security Contact Information
#
# Thank you for helping keep SentrIQ and our users safe!
#
# Security Reporting Guidelines:
# 1. Please report security vulnerabilities responsibly
# 2. Do not publicly disclose issues until we've had time to address them
# 3. We aim to respond to security reports within 24 hours
# 4. We will work with you to understand and resolve the issue quickly
# 5. We may offer recognition for valid security findings
#
# Scope:
# - SentrIQ application (sentriq.io)
# - SentrIQ Azure deployment infrastructure
# - Client-side security vulnerabilities
# - Authentication and authorization bypasses
# - Data exposure vulnerabilities
# - Infrastructure misconfigurations
#
# Out of Scope:
# - Social engineering attacks
# - Physical security issues
# - Denial of service attacks
# - Rate limiting bypasses (unless leading to data exposure)
# - Issues in third-party services we don't control
# - Non-security related bugs
#
# Safe Harbor:
# We support safe harbor for security researchers who:
# - Make a good faith effort to avoid privacy violations and data destruction
# - Only interact with accounts you own or with explicit permission
# - Don't perform attacks that could harm the reliability/integrity of our services
# - Don't access or download data that doesn't belong to you
# - Report the vulnerability promptly and don't disclose it publicly until resolved
#
# We will not pursue legal action against researchers who follow these guidelines.