Contact: mailto:security@exogram.ai
Contact: https://exogram.ai/security-and-compliance
Expires: 2027-01-01
Preferred-Languages: en
Canonical: https://exogram.ai/security.txt

Policy:
Exogram operates a security-first semantic ledger infrastructure.
We welcome responsible disclosure of security vulnerabilities.

Scope:
- Web application
- API endpoints
- Chrome browser extension
- MCP / AI tool integrations

Out of Scope:
- Social engineering
- Denial-of-service attacks
- Physical security

Encryption:
- AES-256 encryption at rest
- TLS 1.3 encryption in transit

Data Handling:
- User-initiated ingestion only
- No background data collection
- No training on user data
- Full export and deletion rights

Disclosure:
Please provide sufficient detail to reproduce the issue.
We aim to acknowledge reports within 72 hours.