# Palatable — security disclosure policy
# Per RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)

Contact: mailto:hello@palateandpen.co.uk
Expires: 2027-05-27T23:59:59.000Z
Preferred-Languages: en
Canonical: https://bepalatable.co.uk/.well-known/security.txt
Policy: https://bepalatable.co.uk/privacy

# Found a vulnerability?
# Please email hello@palateandpen.co.uk with:
#   - A clear description of the issue
#   - Steps to reproduce
#   - The affected URL or endpoint
#   - Any proof-of-concept (avoid destructive testing on live data)
#
# We aim to acknowledge within 2 working days and to ship a fix or
# mitigation within 30 days for high-severity issues.
#
# Please do NOT:
#   - Test on customer accounts you don't own
#   - Use destructive techniques (DROP TABLE, mass account deletion)
#   - Publicly disclose before we've had a chance to remediate