# RFC 9116 security.txt — see https://securitytxt.org for context.
# This file tells security researchers how to report a vulnerability in
# the WAVOA marketing site, the WAVOA mobile apps, or the Supabase
# project that backs both.
#
# We don't run a per-team mailbox like security@wavoa.app any more —
# every report goes through the contact form, which lands in the same
# inbox as the imprint email and is read by a human. The form is
# topic-tagged so security reports are surfaced ahead of general mail.

Contact: https://www.wavoa.app/en/contact?topic=security
Contact: mailto:wavoa.app@outlook.com
Expires: 2027-04-30T00:00:00.000Z
Preferred-Languages: en, fr, de, es
Canonical: https://www.wavoa.app/.well-known/security.txt
Policy: https://github.com/wavoa/wavoa-website/blob/main/SECURITY.md