# HustleBazar — security disclosure policy (RFC 9116)
# https://www.rfc-editor.org/rfc/rfc9116.html

Contact: mailto:support@hustlebazar.com
Expires: 2027-05-17T00:00:00.000Z
Preferred-Languages: en
Canonical: https://hustlebazar.com/.well-known/security.txt
Policy: https://hustlebazar.com/landing/privacy#security
Acknowledgments: https://hustlebazar.com/landing/privacy#security

# How to report a security issue:
# 1. Email support@hustlebazar.com with subject "Security disclosure" and a
#    clear description, reproduction steps, and the impact you observed.
# 2. Allow up to 5 business days for an initial response and 90 days for
#    coordinated disclosure before publishing details publicly.
# 3. Please do not run automated scans, denial-of-service tests, or social-
#    engineering attacks against our team or merchants.
# 4. We do not currently run a paid bug-bounty programme — but we publicly
#    acknowledge researchers who report valid issues responsibly.