# Offline — security contact information (RFC 9116)
# https://offlineapp.org/security.txt

Contact: mailto:security@offlineapp.org
Expires: 2027-05-26T00:00:00.000Z
Preferred-Languages: en, sv
Canonical: https://offlineapp.org/security.txt
Policy: https://offlineapp.org/privacy.html

# We welcome reports of security vulnerabilities in the Offline
# messenger, its web app, server, and mobile applications.
#
# Please report privately to the contact address above before
# any public disclosure. We aim to acknowledge reports within
# 72 hours.
#
# In scope:
#   - offlineapp.org (web app + server)
#   - Offline for Android
#   - Offline for iOS
#   - Cryptographic protocol design
#
# Out of scope:
#   - Denial of service / volumetric attacks
#   - Social engineering of staff or users
#   - Reports from automated scanners without a working PoC