-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

# Canonical URL
Canonical: https://moneylead.gg/.well-known/security.txt

# Contact information for security issues
Contact: mailto:security@moneylead.gg
Contact: mailto:fucksteam@moneylead.gg
Contact: https://moneylead.gg/pages/contact.html

# Encryption key for secure communication
Encryption: https://moneylead.gg/.well-known/pgp-key.txt

# Preferred languages for security reports
Preferred-Languages: en, uk, ru

# Security policy and vulnerability disclosure policy
Policy: https://moneylead.gg/pages/terms.html

# Hiring information for security researchers
Hiring: https://moneylead.gg/pages/contact.html

# Acknowledgments for security researchers
Acknowledgments: https://moneylead.gg/pages/contact.html

# Expiration date (2 years from now - 2027-10-14)
Expires: 2027-10-14T23:59:59.000Z

# About this security.txt
# This file is compliant with RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116.html)
# Last updated: 2025-10-14
#
# MoneyLead is committed to working with security researchers to identify and
# resolve security vulnerabilities. We appreciate responsible disclosure and
# will acknowledge your contributions.
#
# Scope:
# - moneylead.gg and all subdomains
# - All public-facing web applications
# - All API endpoints
#
# Out of Scope:
# - Social engineering attacks
# - Physical security tests
# - Denial of Service (DoS/DDoS) attacks
# - Third-party services we use (e.g., GitHub, CDN providers)
#
# Safe Harbor:
# We consider security research conducted in accordance with this policy to be:
# - Authorized in accordance with the Computer Fraud and Abuse Act
# - Exempt from restrictions in our Terms of Service that would interfere with research
# - Lawful, helpful to the security of our systems
#
# We will not pursue legal action against researchers who:
# - Make a good faith effort to avoid privacy violations and disruptions to others
# - Only interact with accounts you own or with explicit permission
# - Do not exploit vulnerabilities beyond proof-of-concept
# - Report vulnerabilities promptly
# - Keep vulnerability details confidential until we've had time to address them
#
# Response Timeline:
# - Initial response: Within 48 hours
# - Status update: Within 7 days
# - Resolution timeline: Depends on severity (communicated after triage)
#
# PGP Key Fingerprint: 8BBF 9CA4 3F44 4F46 40C1 E69B 439F CA18 BA1A 9BCE
#
# Thank you for helping keep MoneyLead and our users safe!
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEFO2kQoTwGX8N14RJ5MqOcE8drqwFAmjufqsACgkQ5MqOcE8d
rqxyoRAAhM1D4Q9jUSaONHnmaIW7oGq/ptZN5rByYL/f5qjw5AQHVbj5XLXRuK+q
1iw5TdmhWMCs6CUJ0YhK8DX6iGW9IK1jRqJzWJfJ/QL28tWFTdZ6rBB5JRjVlRg/
Q1GmY9XROoYwSi+Po0cRbSHYGkVMQWHIpQ1Jhhkl39VKhYIoKXx8zp16iBM+8uoA
FQaWEKeyXoaTkDF0J3CtsE1LFMZKpt52fnMfR0Hl4u0rvS6y+swETi+ABuesI9FA
clR3d/7ENANOOO8aZhkWyW0TcdO0Nfizu8HQ2bpBcBPVP4tuL60KJ0u2X+WziqUX
e9Rc+/PSOM2Nh/YDUrbiwsb/H0ZSW6OA4SH1d8QV6Zf3A13/2/bXQpVQ2XzrH1/k
aM6Y8bHJqfSC80fxlvqvJqTafKsZlKHN7rcUTwB4/hLQztPQKfiOwWtNKnJOm6AN
SDbHKvNuu8XYw6HxHyI0RvI695+15hfTecEikFEvC1p+ZyrDG5V3OMZPWoInoAiT
ny0dhxSgsvKtI8mIPmgYsMlidhaT77L8f0y4mwM07QdUcVW3Teka1cJDDOx3BQEj
JcBIVvju0igohDjCMlvjwyzQPYtTYsQA1ZWvO3ohzR61Ft8Y8Ia5W2bpY0r7E2Ye
fmC20fxEGdEgk95o4cmkiaWEXeGoEjeJkPTTBC0grPsu7AvN93M=
=J4ck
-----END PGP SIGNATURE-----