# RFC 9116 — security.txt for SilentHosts
# https://silenthosts.io/.well-known/security.txt

Contact: mailto:legal@silenthosts.io
Contact: https://silenthosts.io/contact
Expires: 2027-04-30T17:31:51.650Z
Preferred-Languages: en
Canonical: https://silenthosts.io/.well-known/security.txt
Policy: https://silenthosts.io/legal/aup
Acknowledgments: https://silenthosts.io/about

# Vulnerability disclosure timeline:
#   * Initial response within 48 hours (typical < 12 hours during EU business hours)
#   * Triage and fix ETA within 5 business days
#   * Coordinated disclosure window: 90 days from initial report
#
# We DO NOT operate a paid bug bounty at this stage, but we credit researchers
# who report responsibly on the /about acknowledgments roll (with consent).
#
# In scope: https://silenthosts.io and *.silenthosts.io
# Out of scope: Customer-deployed services on customer VPS instances —
#   those are operated by the customer, not SilentHosts. Report security
#   issues affecting a specific customer's service to that customer directly.