Contact: mailto:security@optim.health
Expires: 2027-04-22T00:00:00.000Z
Encryption: https://med.optim.health/.well-known/pgp-key.txt
Preferred-Languages: ro, en
Canonical: https://med.optim.health/.well-known/security.txt
Policy: https://med.optim.health/privacy
Acknowledgments: https://med.optim.health/security-hall-of-fame
Hiring: https://med.optim.health/

# OptimHealth — Responsible disclosure
#
# We welcome security reports. Please:
#   - Encrypt sensitive reports with the PGP key above
#     Fingerprint: 6172 8C60 496B 0C77 4086  F7CE E426 F84D 1C4C C1DC
#   - Do not perform DoS, social engineering, or test on real patient data
#   - Allow 90 days for coordinated disclosure before publishing
#
# Scope: med.optim.health, auth.med.optim.health, api.med.optim.health
# Out of scope: third-party SaaS endpoints (OpenAI api.openai.com)