# GIVE→ALIGN — security.txt (RFC 9116)
#
# This file documents how to report a security vulnerability against
# https://givealign.com and the GIVE→ALIGN PWA / API stack. Security
# researchers should follow the disclosure flow at /security/vdp before
# (or alongside) using these contacts.
#
# Last updated: 2026-06-15. Bump this whenever the policy at /security/vdp
# changes, the contact email rotates, or the Expires window approaches.

Contact: mailto:security@givealign.com
Expires: 2027-06-15T00:00:00.000Z
Preferred-Languages: en
Canonical: https://givealign.com/.well-known/security.txt
Policy: https://givealign.com/security/vdp
Acknowledgments: https://givealign.com/security/vdp#hall-of-fame

# We acknowledge good-faith researchers publicly at the Acknowledgments
# URL above. To be included, follow the scope + safe-harbor terms in the
# Policy URL and email a write-up to the Contact address. We aim to
# triage initial reports within 3 business days.