Contact: mailto:maloni@outlook.com
Preferred-Languages: ro, en
Canonical: https://credizen.ro/.well-known/security.txt
Expires: 2026-05-22T23:59:59Z
Encryption: https://credizen.ro/pgp-key.txt
Acknowledgments: https://credizen.ro/ro-RO/security-hall-of-fame

# Security Contact Information for Credizen.ro
# ============================================
#
# If you discover a security vulnerability on Credizen.ro,
# please report it responsibly to the email address above.
#
# Operated by: Maloni
# CUI: 27207617
# Address: Rybná 716/24, Staré Město, 110 00 Praha 1, Czech Republic
#
# Scope:
# - Web application vulnerabilities (XSS, SQL injection, CSRF, etc.)
# - Authentication and authorization bypasses
# - Personal data exposure or GDPR violations
# - API security issues
# - Infrastructure vulnerabilities
#
# Out of Scope:
# - Social engineering attacks
# - Physical security
# - Third-party IFN partner websites (report directly to them)
# - Denial of Service (DoS/DDoS) attacks
#
# Response Time:
# - We aim to acknowledge reports within 48 hours
# - Initial assessment within 5 business days
# - Fix deployment timeline depends on severity (critical: <7 days)
#
# Disclosure Policy:
# - Please allow 90 days for remediation before public disclosure
# - We will credit researchers (unless anonymity is requested)
# - No bug bounty program currently, but public acknowledgment on Hall of Fame page
#
# Legal Safe Harbor:
# - Good faith security research is authorized and will not result in legal action
# - Please do not access, modify, or delete user data beyond what's necessary for PoC
# - Do not perform testing on production systems that could cause service disruption
#
# Romanian Data Protection Authority Contact (for GDPR violations):
# ANSPDCP - Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
# Website: https://www.dataprotection.ro
# Email: anspdcp@dataprotection.ro
# Phone: +40 318 059 211
#
# PGP Key: https://credizen.ro/pgp-key.txt (optional - not yet implemented)
#
# Last Updated: 2025-05-22
# Version: 1.0