# EcosMail — Security disclosure policy (RFC 9116)
# https://ecosmail.fr/transparence.html

Contact: mailto:security@ecosmail.fr
Expires: 2027-04-18T00:00:00.000Z
Preferred-Languages: fr, en
Canonical: https://ecosmail.fr/.well-known/security.txt
Policy: https://ecosmail.fr/roadmap-securite.html
Acknowledgments: https://ecosmail.fr/transparence.html

# How to report a vulnerability:
# Email security@ecosmail.fr with details, steps to reproduce, and impact.
# We respond within 72h. No bounty program yet (informal recognition only —
# YesWeHack programme planifié Q1 2027, voir roadmap-securite).
#
# Please do NOT publicly disclose before we have had reasonable time to fix.
# Coordinated Vulnerability Disclosure (CVD) — typical 90-day window.