Security

Effective Date: September 8, 2025

We welcome responsible disclosure of security vulnerabilities.

Reporting Vulnerabilities

Report security vulnerabilities to:

security@sfoln.com

Include:

• Vulnerability type and location
• Steps to reproduce
• Potential impact
• Your contact information

This applies to:

• sfoln.com and subdomains
• Our public APIs and services
• Email infrastructure (@sfoln.com)

• Test only against your own accounts
• Avoid disrupting services
• Don't access data that isn't yours
• Report findings promptly

• Acknowledgment within 48 hours
• Initial assessment within 7 days
• Fix timeline within 30 days
• Notification when resolved

For encrypted communication, our PGP key is available at /pgp-key.txt