# validant.ai - Security disclosure
# Conforms to RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)

Contact: mailto:security@validant.ai
Expires: 2027-05-12T23:59:59.000Z
Preferred-Languages: en, de
Canonical: https://validant.ai/.well-known/security.txt
Policy: https://validant.ai/security
Acknowledgments: https://validant.ai/security#rewards

# PGP key to be published. Until it is, encrypted submissions may be made via
# the recipient's enterprise S/MIME certificate on request.
# Encryption: https://validant.ai/.well-known/security-key.asc

# If you are a researcher reporting under our safe-harbour policy at
# https://validant.ai/security please include in your report:
#   - a clear description of the vulnerability and its impact
#   - reproduction steps
#   - the asset(s) affected
#   - your preferred attribution (or request anonymity)
#
# We acknowledge reports within 2 business days and provide an initial
# assessment within 5 business days. Thank you for helping keep validant.ai
# trustworthy.