Contact: mailto:security@yonderhop.com
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: en
Canonical: https://yonderhop.com/.well-known/security.txt

# Security Policy

Thank you for helping keep YonderHop and our users safe!

## Reporting a Vulnerability

If you discover a security vulnerability, please report it to us at:
security@yonderhop.com

Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes

## What to Expect

- We will acknowledge receipt within 48 hours
- We will provide an estimated timeline for fixes
- We will keep you informed of progress
- We will credit you in our security hall of fame (unless you prefer to remain anonymous)

## Scope

In scope:
- https://yonderhop.com
- API endpoints under /api/*
- Admin panel at /y-con

Out of scope:
- Social engineering attacks
- Physical attacks
- Third-party services we integrate with

## Responsible Disclosure

We ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Do not access, modify, or delete user data
- Do not perform actions that could harm our service availability

Thank you for helping us maintain a secure service!