# ShotSelect — Security Vulnerability Disclosure
# https://www.rfc-editor.org/rfc/rfc9116
#
# If you've found a security issue in the ShotSelect Mac app or in the
# website + worker fleet that backs it, please report it privately to
# the contact below. We respond within 72 hours.
#
# In scope:
#   · ShotSelect Mac app (electron, IPC, auto-update, license check)
#   · shotselect.app marketing site
#   · *.shotselect.app subdomains
#   · shotselect-telemetry.* / shotselect-dashboard.* / shotselect-dl.*
#     workers
#   · /api/* Pages Functions (beta-key, latest, social-proof,
#     windows-interest)
#
# Out of scope:
#   · Reports from automated scanners with no proof-of-concept
#   · Self-inflicted issues (running a custom build, modifying the app)
#   · Resend / Cloudflare infrastructure (report to those vendors)

Contact: mailto:rudra.ptp.singh@gmail.com
Expires: 2027-05-09T00:00:00.000Z
Preferred-Languages: en
Canonical: https://shotselect.app/.well-known/security.txt
Policy: https://shotselect.app/security