Contact: mailto:security@squr.ai
Expires: 2027-01-01T00:00:00.000Z
Preferred-Languages: en, de
Canonical: https://kb.squr.ai/.well-known/security.txt
Policy: https://kb.squr.ai/security
Hiring: https://squr.ai/hiring

# SQUR cybersecurity disclosure policy
#
# We welcome reports about vulnerabilities in:
#   - kb.squr.ai (cs-graph knowledge base, this site)
#   - squr.ai (corporate site + ASM scanner)
#   - mcp.squr.ai (Model Context Protocol endpoint, when live)
#   - squr-cli + squr SDK packages
#
# Out of scope:
#   - Third-party services we embed (Vertex AI, Cloud Run, Firestore IAM)
#     — report those upstream.
#   - Social-engineering attacks against SQUR staff.
#
# Coordinated disclosure: 90-day default, extendable on request.
# We commit to acknowledging within 3 business days.