Contact: mailto:security@myfaithplanner.com
Contact: https://myfaithplanner.com/support
Expires: 2026-10-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://myfaithplanner.com/.well-known/security.txt
Policy: https://myfaithplanner.com/legal/vulnerability-disclosure
Acknowledgments: https://myfaithplanner.com/security-acknowledgments

# Vulnerability Disclosure Policy

We take security seriously at MyFaithPlanner. If you discover a security vulnerability, please follow responsible disclosure:

1. Email security@myfaithplanner.com with details
2. Do NOT publicly disclose until we've had time to address the issue
3. Allow us at least 90 days to investigate and patch
4. We will acknowledge your report within 48 hours

# Scope

In scope:
- myfaithplanner.com and all subdomains
- API endpoints
- Authentication and authorization flows
- Data leakage or exposure issues
- SQL injection, XSS, CSRF vulnerabilities

Out of scope:
- Social engineering attacks
- Physical attacks
- DDoS attacks
- Issues in third-party dependencies (report to maintainers)

# Rewards

While we do not currently offer a monetary bug bounty program, we will:
- Publicly acknowledge your contribution (with your permission)
- Provide priority support for your account
- Consider premium subscription credits for critical findings

Thank you for helping keep MyFaithPlanner secure!