# ============================================
# security.txt for finsiderai.com
# Per RFC 9116 (https://securitytxt.org/)
# Place at: /.well-known/security.txt
# ============================================

Contact: mailto:security@finsiderai.com
Contact: https://finsiderai.com/contact/
Expires: 2027-01-15T00:00:00.000Z
Preferred-Languages: en, hi
Canonical: https://finsiderai.com/.well-known/security.txt
Policy: https://finsiderai.com/security-policy/
Acknowledgments: https://finsiderai.com/security-acknowledgments/

# ============================================
# Reporting guidelines
# ============================================
# If you've found a security vulnerability:
# 1. Email security@finsiderai.com with details
# 2. Allow 90 days for resolution before public disclosure
# 3. Do not exploit, modify, or access user data
# 4. We acknowledge all valid reports within 48 hours
#
# Scope:
# - finsiderai.com and all subdomains
# - Calculator logic, XSS, CSRF, injection vulnerabilities
# - Out of scope: third-party services (Google AdSense, fonts)
#
# Thank you for helping keep FinsiderAI secure.