# Responsible Disclosure Policy

simiriki takes security seriously. We welcome responsible disclosure of vulnerabilities.

## Reporting

Email: hola@simiriki.com

Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information (optional)

## Response Timeline

- **Acknowledgment**: Within 72 hours
- **Assessment**: Within 7 business days
- **Patch**: Within 30 days for critical issues

## Safe Harbor

We will not pursue legal action against researchers who:
- Act in good faith
- Do not access, modify, or delete user data
- Do not disrupt services
- Report privately before any public disclosure
- Allow reasonable time for remediation

## Scope

In scope: simiriki.com, dashboard.simiriki.com, api.simiriki.com
Out of scope: Third-party services (Stripe, HubSpot, etc.)

## Recognition

We acknowledge researchers who help improve our security (with permission) on our security page.

## Contact

- Security: hola@simiriki.com
- General: hola@simiriki.com
- Privacy: jjdlr@simiriki.com