# Security Policy for ZenoAssist
# https://zenoassist.com

Contact: support@zenoassist.com
Expires: 2026-12-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://zenoassist.com/.well-known/security.txt

# Security Contact
If you discover a security vulnerability, please report it to:
Email: support@zenoassist.com

# Encryption
Our security team's PGP key is available at:
https://zenoassist.com/pgp-key.txt

# Acknowledgments
We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.

# Policy
- Please do not publicly disclose the vulnerability until we have had a chance to address it
- We aim to respond to security reports within 48 hours
- We will keep you informed of our progress
- We do not run a bug bounty program at this time

# Scope
In scope:
- zenoassist.com and all subdomains
- API endpoints
- Widget code
- Authentication systems

Out of scope:
- Social engineering attacks
- Physical attacks
- Denial of service attacks
- Issues in third-party services

# Safe Harbor
We support safe harbor for security researchers who:
- Make a good faith effort to avoid privacy violations and data destruction
- Only interact with accounts you own or with explicit permission
- Do not exploit a vulnerability beyond what is necessary to demonstrate it
- Report vulnerabilities promptly
- Keep vulnerability details confidential until we have addressed them

Thank you for helping keep ZenoAssist and our users safe!