Contact: mailto:security@actionitemloop.com
Expires: 2026-12-31T23:59:59.000Z
Preferred-Languages: en
Canonical: https://actionitemloop.com/.well-known/security.txt

# Security Policy

We take security seriously. If you discover a security vulnerability, please report it to us privately.

# Disclosure Policy

Please do not publicly disclose the issue until we have had a chance to address it. We will acknowledge receipt of your report within 48 hours and provide an estimated timeline for a fix.

# Scope

This security policy applies to:
- ActionItemLoop web application
- REST API endpoints
- Webhook integrations
- Client-facing features

# Out of Scope

- Third-party services (Clerk, Stripe, etc.)
- Social engineering attacks
- Physical attacks

# Safe Harbor

We support responsible disclosure and will not take legal action against security researchers who:
- Make a good faith effort to avoid privacy violations and data destruction
- Only interact with test accounts owned by you
- Do not exploit the vulnerability beyond demonstrating proof of concept
- Report the vulnerability promptly

Thank you for helping keep ActionItemLoop secure!