# Rhyzon — Vulnerability Disclosure Policy
# RFC 9116

Contact: mailto:info@rhyzon.ch
Expires: 2027-05-07T00:00:00Z
Preferred-Languages: de, en
Canonical: https://rhyzon.ch/.well-known/security.txt
Policy: https://rhyzon.ch/datenschutz.html

# Encryption (PGP) — pending; aktivieren sobald pgp.asc deployed ist:
#   1. security@rhyzon.ch Alias bei Infomaniak einrichten
#   2. gpg --quick-generate-key "Rhyzon Security <security@rhyzon.ch>" rsa4096 cert,sign,encrypt 2y
#   3. gpg --armor --export security@rhyzon.ch > ~/work/rhyzon-website/pgp.asc
#   4. dann unten die Encryption-Zeile aktivieren (# entfernen) und security@-Alias als Contact setzen
# Encryption: https://rhyzon.ch/pgp.asc

# How we handle reports
# - Acknowledgement within 5 business days (Mo-Fr CET)
# - Coordinated disclosure preferred, no bounty programme
# - Please include reproduction steps and affected version/URL