# In Growth Solutions — Security Disclosure Policy
# RFC 9116 — https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@ingrowthsolutions.com
Contact: https://app.ingrowthsolutions.com/legal/security
Expires: 2027-05-04T23:59:59.000Z
Encryption: https://app.ingrowthsolutions.com/.well-known/security-pubkey.txt
Preferred-Languages: es, en, pt
Canonical: https://app.ingrowthsolutions.com/.well-known/security.txt
Policy: https://app.ingrowthsolutions.com/legal/security
Acknowledgments: https://app.ingrowthsolutions.com/legal/security#acknowledgments
Hiring: https://app.ingrowthsolutions.com/

# We welcome responsible disclosure of security vulnerabilities.
# Please avoid:
#   - Automated scans that generate excessive load
#   - Social engineering, physical attacks, DoS testing
#   - Accessing or modifying data of other users
#   - Public disclosure before we have had a reasonable opportunity to remediate
#
# We commit to:
#   - Acknowledging receipt within 72h
#   - Providing a status update within 7 days
#   - Crediting researchers (with consent) at /legal/security#acknowledgments
#
# Out of scope: third-party services (Supabase, Resend, Stripe, etc.) — please
# report those directly to the respective vendor.