Contact: mailto:security@tupeer.com
Expires: 2027-04-27T00:00:00.000Z
Preferred-Languages: en
Canonical: https://tupeer.com/.well-known/security.txt
Policy: https://tupeer.com/.well-known/security.txt

# Tupeer security disclosure policy
#
# We welcome reports of vulnerabilities affecting tupeer.com,
# app.tupeer.com, or api.tupeer.com. Please email security@tupeer.com
# with reproduction steps and any artifacts. We acknowledge within 3
# business days and will keep you informed through remediation.
#
# Out of scope:
#   - Theoretical issues without proof of concept
#   - Reports requiring physical access to a user's device
#   - Volumetric / DoS testing without prior coordination
#   - Spam / phishing of Tupeer users
#
# Please don't:
#   - Access, modify, or delete data that isn't yours
#   - Run automated scans that disrupt service
#   - Disclose publicly before we've confirmed remediation
#
# We don't currently run a paid bug bounty program; we publicly credit
# valid reports in our changelog if you'd like attribution.