# Hubity Security Policy
# https://hubity.io/.well-known/security.txt
# This file follows the security.txt standard (RFC 9116)

Contact: mailto:security@hubity.io
Expires: 2027-02-16T00:00:00.000Z
Preferred-Languages: en
Canonical: https://hubity.io/.well-known/security.txt
Policy: https://hubity.io/security

# Encryption
# PGP key available upon request at security@hubity.io

# Acknowledgments
# We appreciate responsible security research. Researchers who report
# valid vulnerabilities will be acknowledged (with permission) on our
# security page.

# Scope
# In scope: hubity.io, dev.hubity.io, API endpoints
# Out of scope: Third-party services, social engineering, DDoS