# I30: CERT-In disclosure / RFC 9116 — security.txt
# Static file served at /.well-known/security.txt by Next.js.
# Reviewed 2026-05-31 (#542 — Domain R batch). Re-review before
# Expires below to keep auditors satisfied.

Contact: mailto:security@aarogyaassist.com
Contact: https://aarogyaassist.com/dpdp-rights
Expires: 2027-05-31T00:00:00Z
Preferred-Languages: en, hi
Canonical: https://aarogyaassist.com/.well-known/security.txt
Policy: https://github.com/Aarogya-Assist/aarogya-assist-app/blob/main/SECURITY.md

# Coordinated disclosure: please give us a 90-day window before
# public disclosure. We'll acknowledge receipt within 5 business
# days and post a status update at least every two weeks until
# resolution. PII / PHI data exposure findings get priority.
#
# For non-security privacy or grievance matters, route through
# https://aarogyaassist.com/dpdp-rights instead — that surface
# has the proper SLA tracking for DPDP §10 grievances.