# Craftwebstudio — Security policy (RFC 9116)
# https://craftwebstudio.ge/.well-known/security.txt

Contact: mailto:info@craftwebstudio.ge
Contact: https://craftwebstudio.ge/contact
Expires: 2027-05-01T00:00:00.000Z
Preferred-Languages: en, ka
Canonical: https://craftwebstudio.ge/.well-known/security.txt
Policy: https://craftwebstudio.ge/security-policy

# Scope
# In scope:  *.craftwebstudio.ge (production site, admin surface, public APIs)
# Out of scope: third-party services we integrate with (Resend, Telegram, Vercel, Neon, Upstash)
#               — please report those directly to the vendor.
#
# Disclosure preferences
# Coordinated disclosure with a 90-day timeline. We will acknowledge reports within 72 hours.
# We do not run a paid bounty program; meaningful reports earn public credit on the policy page.