# Nova Heaven Security Policy
# RFC 9116 - https://www.rfc-editor.org/rfc/rfc9116

Contact: mailto:security@novaheaven.io
Contact: https://novaheaven.io/en/contact
Expires: 2027-04-22T00:00:00.000Z
Preferred-Languages: en
Canonical: https://novaheaven.io/.well-known/security.txt
Policy: https://novaheaven.io/en/security
Acknowledgments: https://novaheaven.io/en/security#hall-of-fame

# If you find a vulnerability in any Nova Heaven plugin (Nova Scan, Nova Core,
# Hyper Nova, etc.) or on novaheaven.io, please report it privately first.
# Do not disclose publicly until we have had time to patch and ship a fix.
# We do not currently offer a paid bug bounty, but we will credit researchers
# in release notes and the hall of fame unless you prefer to remain anonymous.