Contact: mailto:security@deductly.ca
Expires: 2027-06-06T00:00:00.000Z
Preferred-Languages: en
Canonical: https://deductly.ca/.well-known/security.txt
Policy: https://deductly.ca/about

# Deductly responsible disclosure
# We follow coordinated disclosure. Report vulnerabilities to security@deductly.ca.
# We respond within 48 hours and credit researchers in changelog entries.
# Out of scope: rate-limit bypass via cold-starting serverless functions, theoretical CSP issues without a working exploit, missing security headers on static assets.