# Fixed by Opus 4.7 — 2026-05-29 — restored from live-website/ (was missing from v7 bundle; P0-2)
# NexFlow · security.txt
# RFC 9116 · https://www.rfc-editor.org/rfc/rfc9116
#
# If you have found a security issue affecting NexFlow infrastructure,
# nex-flow.io, app.nex-flow.io, or any software we ship, please contact us
# below. We respond within one business day. We do not pursue legal action
# against researchers who act in good faith and follow this policy.

Contact: mailto:security@nex-flow.io
Contact: https://www.nex-flow.io/#contact

# Expiry must be updated annually. Keep this current.
Expires: 2027-05-17T00:00:00.000Z

# Languages we will respond in
Preferred-Languages: en

# Canonical location of this file
Canonical: https://www.nex-flow.io/.well-known/security.txt

# Where to find our public PGP key for sensitive disclosures
Encryption: https://www.nex-flow.io/.well-known/pgp-key.txt

# Acknowledgements page — credit (with consent) for valid disclosures
Acknowledgments: https://www.nex-flow.io/security/credits

# Scope, hiring, and additional context
Policy: https://www.nex-flow.io/security/policy
Hiring: https://www.nex-flow.io/security/policy#hiring

# Coordinated disclosure window: 90 days from initial report unless we agree
# otherwise. Critical issues with active exploitation may be disclosed sooner
# in collaboration with the reporter.