# HiPajak Security Policy
# For security inquiries, please contact our security team

Contact: mailto:security@hipajak.id
Contact: mailto:cto@hipajak.id

Preferred-Languages: id, en

# Our security disclosure policy will be published at:
Policy: https://www.hipajak.id/security-policy

# This file expires in 1 year
Expires: 2027-03-15T00:00:00.000Z

# We welcome responsible security research
# Please do not:
# - Access or modify data that belongs to our customers
# - Degrade service availability
# - Use automated tools that cause performance issues
# - Share customer data or publicly disclose vulnerabilities before we fix them

# We commit to:
# - Respond to security reports within 3 business days
# - Keep you informed about our progress
# - Credit you for your discovery (if you wish)