-----BEGIN NEXTLEVELSEC SECURITY.TXT-----
Contact: mailto:security@nextlevelsec.io
Expires: 2027-06-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://nextlevelsec.io/security.txt
Policy: https://nextlevelsec.io/security-policy

# NextLevelSec Responsible Disclosure Policy
# ============================================
#
# We take security seriously — it's literally what we do.
# If you've found a vulnerability in our systems or website,
# we want to hear from you.
#
# SCOPE:
# - nextlevelsec.io and all subdomains
# - NextLevelSec web applications and APIs
# - Our client-facing dashboard
#
# OUT OF SCOPE:
# - Social engineering attacks targeting our staff
# - Physical security attacks
# - Denial of service attacks
# - Vulnerabilities in third-party services we don't control
#
# WHAT WE PROMISE:
# - We will acknowledge receipt within 24 hours
# - We will provide an initial assessment within 72 hours
# - We will not pursue legal action against good-faith reporters
# - We will credit you in our Hall of Fame (if you want)
# - We will communicate our remediation timeline
#
# PLEASE INCLUDE:
# - Description of the vulnerability
# - Steps to reproduce
# - Potential impact
# - Your contact information (optional)
#
# DO NOT:
# - Access or exfiltrate client data
# - Disrupt production systems
# - Publicly disclose before we've had a chance to remediate
#
# HALL OF FAME:
# https://nextlevelsec.io/hall-of-fame
#
# PGP KEY:
# https://nextlevelsec.io/pgp-key.asc
#
# Thank you for helping us stay secure.
# — The NextLevelSec Security Team
-----END NEXTLEVELSEC SECURITY.TXT-----