Contact: mailto:security@tradeeon.com
Expires: 2026-01-12T00:00:00.000Z
Preferred-Languages: en
Canonical: https://www.tradeeon.com/.well-known/security.txt

# Security Policy
# We take security seriously and appreciate responsible disclosure of vulnerabilities.

# Reporting Security Issues
# If you discover a security vulnerability, please email security@tradeeon.com
# We will respond within 48 hours and work with you to resolve the issue.

# Scope
# This policy applies to:
# - www.tradeeon.com
# - api.tradeeon.com
# - All subdomains of tradeeon.com

# Out of Scope
# - Social engineering attacks
# - Physical attacks
# - Denial of Service (DoS) attacks
# - Issues requiring physical access to user devices

# Encryption
# All data is encrypted in transit using TLS 1.2+ and at rest using industry-standard encryption.

# Authentication
# We use Supabase for secure authentication with JWT tokens, email verification, and rate limiting.

# Security Headers
# Our site implements:
# - HSTS (HTTP Strict Transport Security)
# - Content Security Policy (CSP)
# - X-Frame-Options: DENY
# - X-Content-Type-Options: nosniff
# - Referrer-Policy: strict-origin-when-cross-origin
# - Permissions-Policy

# Rate Limiting
# All API endpoints are protected by rate limiting to prevent abuse.

# CSRF Protection
# All requests include CSRF tokens and Origin header validation.

# Thank you for helping keep Tradeeon secure!