# PULSE security disclosure policy
# https://securitytxt.org/  (RFC 9116)

Contact: mailto:support@pulse-optimization.com
Expires: 2027-06-11T00:00:00Z
Preferred-Languages: en
Canonical: https://pulse-optimization.com/.well-known/security.txt
Policy: https://pulse-optimization.com/terms

# Scope
#
# In scope:
#   - https://pulse-optimization.com  (this site)
#   - https://api.pulse-optimization.com  (account/RBAC API)
#   - The PULSE desktop installer at /download/pulse-installer.exe
#
# Out of scope:
#   - Self-hosted instances modified by users
#   - Issues that require physical access to a victim's unlocked machine
#   - Social-engineering attacks on PULSE staff
#   - Anything in third-party services (Paddle, Supabase, Cloudflare,
#     Resend) — please report those to the respective vendor
#
# We do not currently run a paid bounty program; we will publicly credit
# researchers (or anonymously, your choice) once a fix has shipped.