# Cognielo security.txt — RFC 9116
# Contact us privately before disclosing. We respond fast.
Contact: mailto:security@cognielo.com
Expires: 2027-04-24T00:00:00.000Z
Preferred-Languages: en
Canonical: https://cognielo.com/.well-known/security.txt
Policy: https://cognielo.com/security.html
Acknowledgments: https://cognielo.com/security.html#hall-of-fame

# Scope
# In-scope: cognielo.com, *.cognielo.com, the Cognielo iOS app, the
# Cognielo watchOS app, the Cognielo SDK (elo-core Rust crate), the
# LifeScore widget extension, and anything served from api.cognielo.com
# once the Coach proxy is live.
#
# Out of scope (please do not test): Anthropic's API, Cloudflare
# infrastructure, Apple's App Store review surface, or anything else we
# don't directly operate.
#
# Please do not perform testing that could affect other users — avoid
# DoS, mass account creation, or anything that would require real-user
# impact to demonstrate.