# Security Policy for Chumi
# Last Updated: 2025-01-25

# Contact Information
Contact: security@daedalusinteractive.ai
Contact: support@daedalusinteractive.ai

# Encryption
Encryption: https://www.chumi.io/publickey.txt

# Acknowledgments
Acknowledgments: https://www.chumi.io/security/hall-of-fame

# Policy
Policy: https://www.chumi.io/security-policy

# Canonical
Canonical: https://www.chumi.io/.well-known/security.txt

# Preferred Languages
Preferred-Languages: en, zh

# Expires
Expires: 2025-12-31T23:59:59.000Z

# Company
# Daedalus Interactive Inc
# North America

# Security Scope
# This security.txt applies to:
# - https://www.chumi.io
# - All subdomains of www.chumi.io
# - Our mobile applications (when released)
# - Our API endpoints

# Vulnerability Disclosure Guidelines
# We appreciate responsible disclosure of security vulnerabilities.
# Please allow us 90 days to address issues before public disclosure.
# We commit to acknowledging receipt within 48 hours.
# Critical vulnerabilities will be prioritized immediately.

# Bug Bounty Program
# We currently do not have a formal bug bounty program.
# However, we greatly appreciate security researchers who help us improve.
# Recognition will be given in our Hall of Fame with permission.