# RFC 9116 — Security disclosure contact for dajai.io
# https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:pacmandizzle702@gmail.com
Contact: https://dajai.io/contact/
Expires: 2027-04-20T00:00:00.000Z
Preferred-Languages: en
Canonical: https://dajai.io/.well-known/security.txt
Policy: https://dajai.io/security/

# Acknowledgments
# Researchers who report verified vulnerabilities will be credited
# (with consent) in the next dajai.io/changelog/ entry.

# Scope
# In scope:    dajai.io · cba.dajai.io · videos.dajai.io · brain.dajai.io
# Out of scope: any subdomain not listed above
#               third-party services we use (report directly to vendor)

# Coordinated disclosure
# Please give us 14 days to respond and 90 days to remediate before
# any public disclosure. Critical findings: same-day acknowledgment.

# Response SLA
# Critical (RCE, auth bypass, data exposure):  acknowledge < 24 hours
# High (XSS, CSRF, IDOR):                      acknowledge < 48 hours
# Medium / Low:                                acknowledge < 7 days

# Built by
# DAJAI Stewart-Handy · Las Vegas, NV
# Sovereign infrastructure — no third-party security vendor.