Contact: mailto:security@quantaseal.io
Expires: 2027-05-27T00:00:00.000Z
Encryption: https://quantaseal.io/.well-known/pgp-key.txt
Preferred-Languages: en
Policy: https://quantaseal.io/security/disclosure
Acknowledgments: https://quantaseal.io/security/disclosure#acknowledgments
Canonical: https://quantaseal.io/.well-known/security.txt

# QuantaSeal Vulnerability Disclosure Policy
# RFC 9116 - https://www.rfc-editor.org/rfc/rfc9116
#
# Key fingerprint: D866 301F 83C1 F7D4 CF4F  87F4 DA64 E1C9 BCB5 A2FE
# Key type: Curve25519 (ECC) · UID: QuantaSeal Security <security@quantaseal.io>
#
# Scope: api.quantaseal.io, app.quantaseal.io, quantaseal.io, SDKs, MCP Server
# Out of scope: DoS attacks, social engineering, physical attacks
#
# Response SLA: Acknowledgement < 24 h · Critical < 7 days · High < 30 days