Contact: mailto:security@vibecodingeye.com
Contact: mailto:founder@vibecodingeye.com
Expires: 2027-04-19T00:00:00.000Z
Preferred-Languages: en, es
Canonical: https://vibecodingeye.com/.well-known/security.txt
Policy: https://vibecodingeye.com/legal/terms
Acknowledgments: https://vibecodingeye.com/security/hall-of-fame

# Responsible disclosure policy
#
# If you find a security vulnerability in VCEye (vibecodingeye.com), please:
#  1. Email security@vibecodingeye.com with details (PoC, affected endpoint, impact).
#  2. Do not publicly disclose until we have acknowledged and fixed (target: 90 days).
#  3. Do not run automated scanners / fuzzers against production without prior coordination.
#  4. Do not test on other customers' data.
#
# We will:
#  - Acknowledge within 72 hours.
#  - Keep you informed on remediation progress.
#  - Credit you in our hall of fame (unless you request anonymity).
#  - Offer a bug bounty once the program is formalized.
#
# Scope: the vibecodingeye.com domain and subdomains we control. NOT in scope: third-party
# services we consume (Supabase, Vercel, Polar, Anthropic) — please report those directly
# to their respective security teams.