# Lumera Labs — Security Disclosure Policy (RFC 9116)
Contact: mailto:lumeralabs@proton.me
Expires: 2027-04-21T00:00:00.000Z
Preferred-Languages: en, fr
Canonical: https://lumerapeptide.com/.well-known/security.txt
Policy: https://lumerapeptide.com/security/
Acknowledgments: https://lumerapeptide.com/security/hall-of-fame/

# We respond to coordinated disclosure within two hours during the
# disclosure window. Critical issues (auth bypass, data leakage, payment
# tampering) are prioritized over informational findings.
#
# Out of scope: rate-limit testing in production, social engineering of
# customers or staff, physical access attempts, denial-of-service.