Contact: mailto:security@turtlii.fr
Expires: 2027-05-03T00:00:00.000Z
Encryption: https://turtlii.fr/.well-known/pgp-key.txt
Preferred-Languages: fr, en
Canonical: https://turtlii.fr/.well-known/security.txt
Policy: https://turtlii.fr/legal/security-policy
Acknowledgments: https://turtlii.fr/legal/security-acknowledgments

# Turtlii Security Disclosure
#
# Found a vulnerability ? Email security@turtlii.fr.
# Acknowledgment under 24h working hours, fix targeted under 30 days for
# critical issues.
#
# Scope :
#   - app.turtlii.fr / turtlii.fr / turtlii.com (web)
#   - mobile apps (turtlii-tenant://, turtlii-owner://)
#   - public APIs at app.turtlii.fr/api/*
#
# Out of scope :
#   - Social engineering of staff
#   - Physical security
#   - Issues without proof-of-concept
#
# Safe Harbor :
#   We support coordinated disclosure. Researchers acting in good faith
#   under this policy will not face legal action.