# City Stow Security Policy
# RFC 9116 Compliant - https://securitytxt.org/
# Last generated: 2026-03-04T10:43:29Z

Contact: mailto:security@citystow.com
Expires: 2026-06-02T10:43:29Z
Encryption: https://citystow.com/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://citystow.com/.well-known/security.txt
Policy: https://citystow.com/security
Acknowledgments: https://citystow.com/security#vulnerabilities
Hiring: https://citystow.com/careers

# Vulnerability Disclosure Program
# We offer monetary rewards for qualifying security reports.
# See our Security Center for details: https://citystow.com/security

# Severity-based bounty rewards:
# Critical: $2,500 - $5,000
# High: $1,000 - $2,500
# Medium: $250 - $1,000
# Low: $50 - $250

# Response Timeline:
# - Initial acknowledgment: 24 hours
# - Severity assessment: 7 days
# - Resolution target: 30 days
# - Public disclosure: 90 days (coordinated)

# Safe Harbor: We will not pursue legal action against researchers
# who report vulnerabilities in good faith through proper channels.