# TagDrishti security contact (RFC 9116)
# Closes pre-pentest gap §8 #6 + §2.
#
# Found something that looks wrong? Email security@tagdrishti.com.
# Full policy: https://tagdrishti.com/security#responsible-disclosure

Contact: mailto:security@tagdrishti.com
Contact: https://tagdrishti.com/security#responsible-disclosure
Expires: 2027-05-04T00:00:00Z
Encryption: https://tagdrishti.com/.well-known/pgp-key.txt
Acknowledgments: https://tagdrishti.com/security/hall-of-fame
Policy: https://tagdrishti.com/security#responsible-disclosure
Hiring: https://tagdrishti.com/careers
Preferred-Languages: en
Canonical: https://tagdrishti.com/.well-known/security.txt

# Notes
# -----
# - Our acknowledgement SLA is 48 hours; triage in 7 days; Critical
#   fixes within 30 days. See the policy URL above.
# - We do not currently offer a paid bounty. Researchers who report
#   real findings get public credit on the Acknowledgments page.
# - PGP / GPG-encrypted email is welcome. The Encryption: URL above
#   serves an ASCII-armored public key once one is published; until
#   then, plain email is fine.
# - This file is unsigned. We will move to a Signature: directive
#   once the PGP key is published (target: 2026-Q3, alongside SOC 2
#   Type II evidence collection).