# Tokia / IT Booster Global — Responsible disclosure policy
# Reporte vulnerabilidades de segurança no Tokia (usetokia.com, api.usetokia.com,
# chat.usetokia.com) seguindo este canal. Resposta SLA: 48h úteis.

Contact: mailto:security@usetokia.com
Contact: mailto:contato@usetokia.com
Expires: 2027-05-20T00:00:00.000Z
Encryption: https://www.usetokia.com/.well-known/pgp-key.txt
Preferred-Languages: pt-BR, en
Canonical: https://www.usetokia.com/.well-known/security.txt
Policy: https://www.usetokia.com/docs/security/disclosure
Hiring: https://itbooster.com.br/vagas

# Escopo
# - usetokia.com / www.usetokia.com (landing + dashboard)
# - api.usetokia.com (gateway IA)
# - chat.usetokia.com (Tokia Chat, fork LibreChat)
# - Logto self-hosted auth.toolpad.cloud (apenas Apps Tokia, não infra Logto upstream)
#
# Fora de escopo
# - Sub-processadores upstream (OpenRouter, Fal.ai, Google AI Studio) — reportar pra eles direto
# - Phishing / social engineering
# - Bugs UX sem impacto de segurança
# - Volumetric DoS / DDoS (use rate limit cap normal)