# MarketOS — Security disclosure policy
# https://securitytxt.org/

Contact: mailto:support@driftrail.com
Expires: 2027-04-18T00:00:00Z
Preferred-Languages: en
Canonical: https://marketos.org/.well-known/security.txt
Policy: https://marketos.org/privacy.html

# MarketOS is operated by DriftRail. All correspondence — including security
# disclosures — goes to support@driftrail.com.
#
# If you've found a security issue, please email with a description of the
# problem and steps to reproduce. We'll respond within 72 hours and aim to
# have a fix shipped within 7 days for high-severity issues. Please don't
# publicly disclose until we've had a chance to respond.
#
# Scope
#   - marketos.org
#   - /api/v1/* endpoints
#   - The MarketOS desktop app
#
# Out of scope
#   - Third-party provider APIs (Gemini, OpenAI, Anthropic, Perplexity)
#   - User's local environment