# Aither Growth — Security contact (RFC 9116 / securitytxt.org)
# Updated: 2026-05-11. Aither aligns with NIS2 (Directive 2022/2555) controls
# even though as a one-person studio we are not directly in scope. Clients in
# regulated sectors (energy, transport, banking, healthcare, public admin,
# digital infra, ICT-service-management, postal, waste, food, manufacturing)
# can use Aither as a sub-processor with confidence.

Contact: mailto:security@aithergrowth.com
Contact: mailto:max@aithergrowth.com
Contact: tel:+31645029680
Expires: 2027-05-11T00:00:00.000Z
Preferred-Languages: en, nl
Canonical: https://aithergrowth.com/.well-known/security.txt
Policy: https://aithergrowth.com/security
Acknowledgments: https://aithergrowth.com/security#thanks
Hiring: https://aithergrowth.com/about
Encryption: https://aithergrowth.com/.well-known/security.txt

# Reporting guidelines
# 1. Do not access, modify, or destroy data that is not yours.
# 2. Do not run automated scanners that generate noticeable traffic.
# 3. Give us 90 days before public disclosure unless we agree otherwise.
# 4. Include reproduction steps, impact, and your suggested fix if you can.
# 5. Critical issues (RCE, auth bypass, customer-data leak) acknowledged within
#    24h, mitigated within 72h — aligned with NIS2 incident-handling timelines.

# Bug-bounty
# No formal cash bounty (we are a one-person studio). Recognition on the
# security page + a free Pilot Build voucher (€795 value) for any high-severity
# finding that we ship a fix for.