# Security Policy for AppWT LLC
# Last Updated: 2025-08-16

Contact: mailto:security@appwt.us
Contact: tel:+18885650171
Preferred-Languages: en
Canonical: https://appwt.com/.well-known/security.txt
Expires: 2026-08-16T00:00:00.000Z

# Vulnerability Disclosure Policy

We take security seriously at AppWT LLC. If you discover a security vulnerability, 
please report it to us responsibly.

## Scope
- appwt.com and all subdomains
- API endpoints at api.appwt.com
- Client portals and applications

## Safe Harbor
We consider security research conducted in accordance with this policy:
- Authorized concerning any applicable anti-hacking laws
- Exempt from DMCA or CFAA claims
- Lawful and helpful to improving security

## Reporting Guidelines
1. Email security@appwt.us with details
2. Include steps to reproduce the issue
3. Allow up to 72 hours for initial response
4. Work with us to understand and resolve the issue

## Out of Scope
- Social engineering attacks
- Physical security issues
- Denial of service attacks
- Issues in third-party services

## Recognition
We maintain a hall of fame for responsible disclosure at:
https://appwt.com/security/hall-of-fame

# PGP Key
Available upon request at security@appwt.us

# Bug Bounty
Currently invitation-only. Contact for details.

# Encryption
All data transmission uses TLS 1.3 or higher
All stored data encrypted at rest using AES-256

# Compliance
GDPR Compliant
CCPA Compliant
SOC 2 Type II (in progress)

# AppWT LLC - Securing Michigan's Digital Future