# Hovermarks security disclosure policy
#
# Verified researchers: please report vulnerabilities to the Contact
# address below rather than disclose publicly. We acknowledge every
# report within 1 business day and provide fix-or-status updates weekly.
# Public disclosure: please coordinate with us — typical window is 90
# days from a confirmed fix.
#
# We do not currently operate a paid bug-bounty programme. Acknowledgment
# in our security advisories is offered for novel, high-impact findings.
#
# This file is RFC 9116 (security.txt). Renew before the Expires date.

Contact: mailto:security@hovermarks.com
Expires: 2027-05-22T00:00:00.000Z
Canonical: https://hovermarks.com/.well-known/security.txt
Canonical: https://hovermarks.co.uk/.well-known/security.txt
Policy: https://hovermarks.com/security
Preferred-Languages: en