# Clipflow security disclosure policy
# Format follows RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)

Contact: mailto:security@clipflow.to
Contact: https://clipflow.to/security
Expires: 2027-05-07T00:00:00.000Z
Preferred-Languages: en, de
Canonical: https://clipflow.to/.well-known/security.txt
Policy: https://clipflow.to/security

# Please do NOT include exploit details or proof-of-concept payloads
# in unencrypted email. We acknowledge reports within 2 business days.
#
# We don't currently run a paid bug-bounty programme. We do credit
# every confirmed report on the security page (with the reporter's
# permission) and ship fixes ASAP.