Security Policy

# Security Policy for Everetts Place
# https://everetts.place
# RFC 9116-compatible security contact policy.
# For automated tooling, see the machine-readable block below.

Contact: mailto:everetts.place7@gmail.com
Expires: 2027-07-13T00:00:00.000Z
Preferred-Languages: en
Canonical: https://everetts.place/pages/security-txt
Policy: https://everetts.place/pages/security-txt

# We appreciate responsible disclosure. Please report vulnerabilities
# to the contact above. We aim to acknowledge reports within 3 business
# days and remediate valid issues within 30 days for high-severity items.
# We do not currently offer a paid bug bounty, but we credit reporters
# with permission.

# Out of scope:
#  - Denial of service / brute-force attacks
#  - Social engineering of employees or vendors
#  - Physical attacks on our storefront
#  - Any testing that affects other customers' data or shopping experience