# DPAS — security.txt (RFC 9116)
# Coordinated vulnerability disclosure for the Digital Payment Approval System.
# Closes PRE_GOLIVE_AUDIT PS-2 and BLIND_SPOTS BL-6.
#
# Operator note: the addresses and URLs below default to conventional paths.
# Before public launch, confirm the security mailbox is monitored, set the
# canonical production domain, and refresh the Expires date (RFC 9116 requires
# it to be no more than one year out).

Contact: mailto:security@dpas.app
Expires: 2027-05-20T00:00:00.000Z
Preferred-Languages: en, ar
Canonical: https://dpas.app/.well-known/security.txt
Policy: https://dpas.app/security