# CHANGED: 2026-04-07 akushnir #7299 security.txt per RFC 9116 for responsible disclosure
Contact: mailto:security@elevatediq.ai
Contact: https://elevatediq.ai/security
Expires: 2027-04-07T00:00:00.000Z
Preferred-Languages: en
Canonical: https://elevatediq.ai/.well-known/security.txt

# Security Posture
# SPF: Configured (v=spf1 include:_spf.google.com ~all)
# DKIM: Enabled (Google Workspace signing)
# DMARC: p=reject (strict policy - no spoofing)

# Scope
This security.txt applies to:
- elevatediq.ai domain
- All subdomains (*.elevatediq.ai)
- ElevatedIQ platform services

# Response Time
We respond to valid security reports within 24 hours.
Typical time to remediate: <72 hours for critical issues.

# Safe Harbor
We support coordinated vulnerability disclosure. Researchers acting in good faith will not face legal action.

# PGP Key (Optional)
# If you prefer encrypted communication, contact security@elevatediq.ai for our PGP key

# Acknowledgments
https://elevatediq.ai/security#acknowledgments