Contact: mailto:CostMeSupport@marcymail.com
Expires: 2027-05-18T06:43:03.785Z
Preferred-Languages: en
Canonical: https://costme.io/.well-known/security.txt
Policy: https://costme.io/security/

# If you discover a security vulnerability in Cost Me, the iOS
# application, the marketing website (costme.io), or the chat
# backend, please contact us at the address above. We will
# acknowledge receipt within 72 hours and provide a remediation
# timeline within 7 days.

# We commit to:
#  * Acknowledging your report promptly.
#  * Investigating in good faith.
#  * Not pursuing legal action against researchers who follow
#    responsible-disclosure practices (no DoS, no data
#    exfiltration beyond proof-of-concept, no public
#    disclosure before remediation).