Contact: mailto:security@mypitlab.com Expires: 2026-12-31T23:59:59.000Z Encryption: https://mypitlab.com/.well-known/pgp-key.txt Preferred-Languages: en Canonical: https://mypitlab.com/.well-known/security.txt Policy: https://mypitlab.com/security-policy # Security Policy We take security seriously. If you discover a security vulnerability, please follow these guidelines: ## Reporting a Vulnerability 1. **Do NOT** create a public GitHub issue 2. Email security@mypitlab.com with: - Description of the vulnerability - Steps to reproduce - Potential impact - Suggested fix (if any) ## What to Expect - We will acknowledge receipt within 48 hours - We will provide an initial assessment within 7 days - We will keep you updated on our progress - We will credit you (if desired) when the vulnerability is fixed ## Scope **In Scope:** - Authentication and authorization flaws - Data exposure vulnerabilities - Injection attacks (SQL, XSS, etc.) - CSRF vulnerabilities - Server-side request forgery (SSRF) - Remote code execution **Out of Scope:** - Social engineering attacks - Physical security issues - Denial of service (DoS) attacks - Issues requiring physical access - Issues in third-party services (Supabase, Vercel, etc.) ## Safe Harbor We will not pursue legal action against security researchers who: - Act in good faith - Do not access or modify data beyond what is necessary - Do not cause harm to our users or systems - Report vulnerabilities promptly Thank you for helping keep our platform secure!