# RAEK View responsible disclosure policy.
#
# We welcome reports of security vulnerabilities from researchers acting
# in good faith. Please report through the contact channel below; we
# acknowledge within one business day and aim to triage HIGH/CRITICAL
# findings within 72 hours.
#
# Out of scope: social engineering of staff or customers, denial-of-
# service testing against production, automated scanning that generates
# excessive load, and physical attacks on Anthropic, Vercel, Neon,
# Supabase, or Upstash facilities.
#
# In scope: anything in raekview.com, the RAEK View API
# (/api/v1/*), the tracker (cv.min.js), authentication and session
# handling, billing flows, integration OAuth flows, and the partner
# white-label system.
#
# We don't run a paid bug bounty yet. We do offer public credit on the
# disclosure page below for valid findings, with researcher consent.

Contact: mailto:security@raekview.com
Expires: 2027-04-27T00:00:00Z
Preferred-Languages: en
Canonical: https://raekview.com/.well-known/security.txt
Policy: https://raekview.com/security