# Zbelthas Security Policy — RFC 9116
# https://zbelthas.com/.well-known/security.txt

Contact: mailto:security@zbelthas.com
Contact: https://zbelthas.com/trust
Expires: 2027-12-31T23:59:59Z
Preferred-Languages: en, it
Canonical: https://zbelthas.com/.well-known/security.txt
Policy: https://zbelthas.com/trust#responsible-disclosure
Acknowledgments: https://zbelthas.com/trust

# Scope
# In scope:  zbelthas.com, *.zbelthas.com, signed Zbelthas release artifacts
# Out of scope: third-party services we do not operate, social engineering of staff,
#               physical attacks, recently disclosed CVEs (<30 days) in upstream deps.
#
# Please report vulnerabilities privately first.  Acknowledgement within 72 hours,
# triage within 7 days.  Researchers acting in good faith under this policy benefit
# from safe-harbor.  Do not exfiltrate user data; stop at proof of concept.