# ════════════════════════════════════════════════════════════════════════════
# Vulnerability disclosure / security contact for recov.pro
# Format : RFC 9116 (security.txt)
# ════════════════════════════════════════════════════════════════════════════

Contact: mailto:pedro.berbel@dezvolta.org
Contact: https://recov.pro/securite-audit.html#signaler-faille
Expires: 2027-05-13T00:00:00.000Z
Preferred-Languages: fr, en
Canonical: https://recov.pro/.well-known/security.txt
Policy: https://recov.pro/securite-audit.html#signaler-faille

# Disclosure policy
# - Acknowledgement under 48 business hours
# - Triage and fix timeline communicated within 5 business days
# - Coordinated disclosure preferred (90 days default)
# - No public bug bounty program at this stage
# - Out of scope : DoS, social engineering, physical access, third-party
#   services (Stripe, Supabase, Vercel, Resend, Anthropic, Cloudflare)
#
# Editor : DEZVOLTA — SIREN 948 914 072 — France
# Documentation : https://recov.pro/securite-audit.html