# Nivk Security Policy
# RFC 9116 Compliant Security.txt
# Last Updated: 2025-12-28

# Security Contact Information
Contact: mailto:lawrence@nivk.com
Contact: https://nivk.com/contact

# Our Security Page
Acknowledgments: https://nivk.com/security-acknowledgments

# PGP Key for Encrypted Communications
# Encryption: https://nivk.com/.well-known/pgp-key.txt

# Preferred Languages for Security Reports
Preferred-Languages: en, fi, de, fr, nl, es, it, pt, pl

# Canonical URL for this security.txt
Canonical: https://nivk.com/.well-known/security.txt

# Policy Information
Policy: https://nivk.com/security-policy

# This file expires on (required by RFC 9116)
Expires: 2026-12-31T23:59:59.000Z

# Hiring Security Researchers
Hiring: https://nivk.com/careers

# ============================================
# VULNERABILITY DISCLOSURE POLICY
# ============================================
# 
# Nivk takes security seriously. If you discover a security
# vulnerability, please report it responsibly.
# 
# What we ask:
# - Give us reasonable time to fix the issue before disclosure
# - Don't access or modify data belonging to others
# - Don't perform attacks that could harm our users
# 
# What we promise:
# - We will respond within 48 hours
# - We will not pursue legal action for good-faith reports
# - We will credit researchers who help us (with permission)
# 
# Scope includes:
# - nivk.com and all subdomains
# - Nivk platform and APIs
# - Mobile applications (if applicable)
# 
# Out of scope:
# - Social engineering attacks
# - Physical security
# - Third-party services we use
# ============================================