# Security contact for responsible disclosure
Contact: mailto:security@flowstep.ai
Expires: 2026-12-31T23:59:59Z
Canonical: https://flowstep.ai/.well-known/security.txt

# Ethical hacking guidelines:
# - We aim to respond within one week
# - Do not perform destructive actions or damage systems
# - Do not access, modify, or delete other users' data
# - Do not disrupt or degrade service availability
# - Do not perform denial of service attacks
# - Limit testing to your own accounts where possible
# - Report vulnerabilities promptly and privately
# - Allow reasonable time for remediation before disclosure
# - Provide clear steps to reproduce any issues found
# - We welcome responsible disclosure and will provide information about any active bug bounty program upon request

# Thank you for helping keep Flowstep secure!