Contact: mailto:support@exitbid.io
Expires: 2027-04-27T00:00:00.000Z
Preferred-Languages: en, ru
Canonical: https://exitbid.io/.well-known/security.txt
Policy: https://exitbid.io/terms

# Responsible disclosure policy:
#
# ExitBid welcomes security research and responsible disclosure. If you have
# identified a vulnerability in our platform (exitbid.io) or supporting infrastructure,
# please report it to support@exitbid.io with a clear description, reproduction steps,
# and expected/actual impact.
#
# We commit to:
#   - Acknowledging receipt within 3 business days
#   - Providing a status update within 7 business days
#   - Working with researchers in good faith to remediate verified issues
#   - Crediting researchers who request credit (after fix deployment)
#
# Out of scope: social engineering, physical attacks, denial-of-service testing
# without explicit written permission, third-party services we depend on
# (Cloudflare, Supabase, Creem.io, NowPayments, Resend), and the test environments
# at *.exitbid.pages.dev.