# Security Policy for grove.city
# Purpose: Provide security researchers with contact information and disclosure policy
# Updated: 2025-08-15

Contact: mailto:security@grove.city
Expires: 2026-08-15T00:00:00.000Z
Preferred-Languages: en
Canonical: https://grove.city/.well-known/security.txt
Policy: https://grove.city/security-policy

# Security Scope
- grove.city domain and subdomains
- Grove infrastructure services
- API endpoints and documentation

# Bug Bounty Program
- We welcome responsible disclosure
- No public disclosure without prior coordination
- Recognition in our security hall of fame
- Monetary rewards for critical vulnerabilities

# Response Timeline
- Initial response: 24-48 hours
- Status update: Within 1 week
- Resolution: Depends on severity and complexity

# Out of Scope
- Third-party services and integrations
- Social engineering attacks
- Physical security testing
- Denial of service testing without permission

# Thank you for helping keep Grove secure!