# Security Policy / Vulnerability Disclosure

## Contact
Email: security@greywolfx.io (please encrypt sensitive reports with PGP if possible)
PGP Key: https://greywolfx.io/security.asc

## Policy
We take security seriously. If you believe you've found a vulnerability, please report it responsibly. We will acknowledge receipt within 48 hours and provide an estimated timeline for resolution.

## Scope
All greywolfx.io services and infrastructure are in scope.
Out of scope: DDoS/DoS attacks, social engineering, physical security

## Safe Harbor
We will not pursue legal action against researchers who:
- Make a good faith effort to avoid privacy violations
- Do not exploit a vulnerability beyond proof-of-concept
- Report findings privately before public disclosure