# GrowTK Security Policy
# Last Updated: 2026-04-18

Contact: mailto:security@growtk.co
Contact: https://www.growtk.co/contact
Preferred-Languages: en
Canonical: https://www.growtk.co/.well-known/security.txt

# Scope
# This policy applies to:
# - https://www.growtk.co
# - All subdomains of growtk.co
# - GrowTK API endpoints

# Reporting
# Please report security vulnerabilities to security@growtk.co
# Include:
# 1. Description of the vulnerability
# 2. Steps to reproduce
# 3. Potential impact
# 4. Any proof-of-concept code

# Response Time
# We aim to acknowledge reports within 48 hours
# and provide updates every 7 days

# Policy
# We follow responsible disclosure practices
# Please allow us reasonable time to address issues
# before public disclosure

Acknowledgments: https://www.growtk.co/security-acknowledgments

# Encryption
# For sensitive reports, use PGP encryption
# Public key available at: https://www.growtk.co/pgp-key.asc

Expires: 2027-04-18T23:59:59.000Z