Contact: mailto:info@blokusa.com
Expires: 2027-04-16T00:00:00.000Z
Preferred-Languages: en
Canonical: https://blokusa.com/.well-known/security.txt
Policy: https://blokusa.com/security.html
Encryption: https://blokusa.com/security.html#pgp

# Responsible disclosure
#
# Thank you for helping keep Lok-N-Blok and our investors, distributors,
# and customers safe. Please report any vulnerabilities you discover to
# info@blokusa.com. We will respond within 3 business days and coordinate
# a disclosure timeline.
#
# In scope:
#   - blokusa.com and all subdomains
#   - /api/* endpoints
#   - Authentication and session handling
#   - Data room access controls
#
# Out of scope:
#   - Denial of service
#   - Social engineering of staff
#   - Physical security
#   - Third-party services we use (Google Workspace, Railway, etc.)
#
# Please do NOT:
#   - Access, modify, or delete data that is not your own
#   - Perform automated scanning that impacts service availability
#   - Publicly disclose before we've had a chance to respond