# Syba security disclosure — RFC 9116
# https://sybainsurance.com/.well-known/security.txt

Contact: mailto:security@syba.io
Contact: mailto:customer.service@syba.io
Expires: 2027-05-22T23:59:59.000Z
Encryption: https://sybainsurance.com/.well-known/pgp-key.txt
Preferred-Languages: en, nl, fr
Canonical: https://sybainsurance.com/.well-known/security.txt
Policy: https://sybainsurance.com/privacy
Hiring: https://sybainsurance.com/about

# Acknowledgments
# We thank the security research community for responsible disclosure.
# Reports handled within 72 hours. Critical findings: 24h.

# Scope
# In-scope: sybainsurance.com, secure.syba.io, personalguard.syba.io,
#           syba.io, broker-syba.netlify.app, sybamail.syba.io
# Out-of-scope: third-party dependencies (report upstream),
#               social-engineering staff, physical attacks,
#               denial-of-service, automated scans without coordination.

# Safe harbor
# Good-faith research falls under our safe-harbor policy:
# we will not pursue legal action for testing within scope that
# (a) avoids privacy violations, destruction of data, and service
# interruption, (b) only interacts with accounts you own or with
# explicit permission, and (c) gives us reasonable time to remediate
# before public disclosure.