Contact: mailto:security@flowlegalpartners.com
Expires: 2027-06-01T00:00:00.000Z
Preferred-Languages: en
Canonical: https://flowcounsel.com/.well-known/security.txt
Policy: https://flowcounsel.com/security

# FlowCounsel responsible disclosure policy
#
# FlowCounsel is a product of FlowLegal Partners LLC. Report suspected
# security vulnerabilities to security@flowlegalpartners.com.
#
# Please include:
#   - Detailed description of the vulnerability
#   - Steps to reproduce
#   - Affected URL or component
#   - Your name and contact information (PGP welcome)
#
# Acknowledgment within 3 business days. Coordinated disclosure
# timelines confirmed per report.
#
# Out of scope: production access, brute-force attacks, denial-of-service,
# customer-data exfiltration, social engineering of FlowCounsel staff or
# customers, physical attacks against FlowLegal Partners facilities.
#
# Good-faith research conducted within these guidelines will not be
# pursued under unauthorized-access laws.