# ==========================================================================
# security.txt — Digital Marketing Services (digitalmarketingservices.pro)
# ==========================================================================
#
# This file complies with RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116)
# and helps security researchers report vulnerabilities responsibly.
#
# Maintained by: Kristian Kreaktive, Kreaktive LLC
# Last updated:  2026-03-19
# ==========================================================================

# --- Contact (REQUIRED) --------------------------------------------------
# How to report a security vulnerability. Listed in order of preference.
# Please include steps to reproduce, affected URLs, and impact assessment.

Contact: mailto:info@digitalmarketingservices.pro
Contact: https://digitalmarketingservices.pro/contact/

# --- Expires (REQUIRED) --------------------------------------------------
# This file should be considered stale after this date.
# RFC 9116 recommends no more than 1 year into the future.

Expires: 2027-03-19T00:00:00.000Z

# --- Canonical ------------------------------------------------------------
# The definitive location of this file. If you're reading a copy served
# from a different URL, it may have been tampered with. Verify here.

Canonical: https://digitalmarketingservices.pro/.well-known/security.txt

# --- Preferred-Languages --------------------------------------------------
# Languages our team can handle vulnerability reports in.

Preferred-Languages: en, es

# --- Policy ---------------------------------------------------------------
# Our vulnerability disclosure expectations. We follow coordinated
# disclosure: report privately, we acknowledge within 5 business days,
# and we aim to remediate within 120 days depending on severity.
# We will not pursue legal action against good-faith security research.

Policy: https://digitalmarketingservices.pro/security-policy/

# --- Acknowledgments ------------------------------------------------------
# Researchers who have responsibly disclosed vulnerabilities to us.

Acknowledgments: https://digitalmarketingservices.pro/security-acknowledgments/

# ==========================================================================
# Notes for researchers:
#
#   Scope:    digitalmarketingservices.pro and its subdomains
#   Out of scope: Third-party services (Cloudflare, Hostinger infrastructure),
#                 social engineering, physical attacks, denial of service
#
#   This is a static site (Astro) with no server-side application logic.
#   The primary attack surface is the contact form handler (PHP) and
#   any client-side JavaScript.
#
#   We appreciate your help keeping the web safe. Thank you.
# ==========================================================================