diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..276b74d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Reporting a vulnerability + +Please report security issues privately to **hi@ofox.ai** — do not open a +public issue. Include what you found, how to reproduce it, and the potential +impact. + +We'll acknowledge your report within 48 hours and keep you updated on the fix. + +## Scope + +This policy covers the ofox API gateway (`api.ofox.ai`), the dashboard +(`app.ofox.ai`), and all public repositories in this organization. A repository +with its own `SECURITY.md` follows that file instead. + +## Handling API keys + +If you believe an ofox API key has been exposed, rotate it immediately from +your dashboard and let us know at the address above.