Contact: mailto:security@replyo.hu
Contact: https://replyo.hu/security.html#report
Contact: mailto:info@replyo.hu
Expires: 2027-05-13T00:00:00.000Z
Preferred-Languages: hu, en
Canonical: https://replyo.hu/.well-known/security.txt
Policy: https://replyo.hu/security.html
Acknowledgments: https://replyo.hu/security.html#thanks

# Felelős sebezhetőség-bejelentés / Responsible Disclosure
#
# If you find a security issue in Replyo, please email security@replyo.hu.
# Include: detailed description, reproduction steps, impact assessment.
# We commit to:
#   - Acknowledge within 48 hours
#   - Provide initial response with timeline within 5 business days
#   - Fix critical issues within 7 days, others within 30 days
#   - Public credit (with your consent) once fix is deployed
#
# Out of scope:
#   - Social engineering of staff / customers
#   - Physical attacks
#   - Denial of service (DDoS)
#   - Self-XSS or attacks requiring physical device access
#
# In scope:
#   - replyo.hu, api.replyo.hu, admin.replyo.hu, billing.replyo.hu
#   - The widget.js client running on customer websites
#   - All /api/* endpoints