# RFC 9116 security.txt — Mama Bloom UG
# https://mamabloom.app/.well-known/security.txt
#
# If you believe you have found a security vulnerability affecting
# Mama Bloom, please report it responsibly via the contact below.
# We acknowledge legitimate reports within 72 hours.

Contact: mailto:security@mamabloom.app
Contact: mailto:hello@mamabloom.app
Expires: 2027-05-18T23:59:59.000Z
Preferred-Languages: en, de
Canonical: https://mamabloom.app/.well-known/security.txt
Policy: https://mamabloom.app/privacy.html

# Scope:
#   - mamabloom.app (this site)
#   - The Mama Bloom iOS app (TestFlight + App Store builds)
#   - Vercel-hosted API proxy backing the iOS app
#
# Out of scope:
#   - Social-engineering reports against employees
#   - Denial-of-service findings
#   - Reports requiring root/jailbreak on the user's device
#
# Please do NOT include personal data of third parties in your
# report. We follow EU GDPR + UK GDPR for any data exchanged in
# the course of investigation.