# Our security.txt — vulnerability disclosure information
# Based on RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)

Contact: mailto:security@financemate.de
Policy: https://www.financemate.de/security-disclosure-policy
Preferred-Languages: en
Canonical: https://www.financemate.de/.well-known/security.txt

# Notes:
# - We currently do NOT operate a paid bug bounty program.
# - We welcome responsible vulnerability reports and provide safe harbor
#   for good-faith research that follows our disclosure policy.
# - Please avoid testing that could impact users, access or download data,
#   or disrupt production systems.
# - Acknowledge receipt within 5 business days; fixes prioritized by severity.
Expires: 2026-10-06T23:59:00Z