# Security Policy - ROGA AI LIMITED (The AI CMO)
# This file follows the security.txt standard: https://securitytxt.org/

Contact: mailto:security@theaicmo.com
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: en
Canonical: https://theaicmo.com/.well-known/security.txt
Policy: https://theaicmo.com/privacy

# Responsible Disclosure Policy
#
# We appreciate security researchers who help us keep The AI CMO secure.
# If you discover a security vulnerability, please report it responsibly.
#
# Email: security@theaicmo.com
#
# Please include:
# - Description of the vulnerability
# - Steps to reproduce
# - Potential impact
# - Any proof-of-concept (non-destructive)
#
# What to expect:
# - Acknowledgment within 48 hours
# - Regular updates on remediation progress
# - Credit in our security acknowledgments (if desired)
#
# We commit to:
# - Not taking legal action against researchers who act in good faith
# - Working with you to understand and resolve issues quickly
# - Keeping you informed of our progress
#
# Scope:
# - theaicmo.com and all subdomains
# - The AI CMO application and APIs
#
# Out of Scope:
# - Social engineering attacks
# - Physical security
# - Third-party services we use
#
# ROGA AI LIMITED
# Unit G02, Eurocity, Europort Avenue
# Gibraltar, GX11 1AA