# BloxBuddy — Responsible Disclosure Contact
# https://bloxbuddy.fun/.well-known/security.txt
# This file follows RFC 9116.

Contact: mailto:parents@bloxbuddy.fun
Contact: mailto:security@bloxbuddy.fun
Expires: 2027-04-22T00:00:00.000Z
Preferred-Languages: en
Canonical: https://bloxbuddy.fun/.well-known/security.txt
Policy: https://bloxbuddy.fun/safety.html
Acknowledgments: https://bloxbuddy.fun/safety.html#security-disclosures

# Scope
# BloxBuddy is a father-son project operated by Number One Son Software Development.
# We welcome good-faith security research on:
#   - The bloxbuddy.fun web properties
#   - The BloxBuddy Roblox Studio plugin (when published)
#   - The BloxBuddy API endpoints (when deployed)
#
# Out of scope:
#   - Third-party services BloxBuddy integrates with (report to those vendors directly)
#   - Social-engineering attacks against Number One Son Software Development staff
#   - Denial-of-service attacks or volumetric testing
#
# We will not pursue legal action against researchers who:
#   - Make a good-faith effort to avoid privacy violations, data destruction,
#     and disruption of our service
#   - Give us a reasonable time to investigate and respond before public disclosure
#   - Do not exploit findings beyond what is required to demonstrate the issue