# Security Policy

Contact: mailto:info@innovius.ai
Contact: mailto:info@chtsafe.com
Contact: https://x.com/InnoviusAI
Preferred-Languages: en, de
Canonical: https://chtsafe.com/security.txt
Policy: https://chtsafe.com/security.html
Policy: https://chtsafe.com/privacy.html
Acknowledgments: https://chtsafe.com/security.html

## Reporting Security Issues

If you discover a vulnerability affecting ChtSafe, ShinrAI, Team Members, Sims, the ChtSafe API, media workflows, the public websites, or a customer deployment surface, please report it as soon as possible.

## What to include
- A clear description of the issue
- Affected URL, application, or deployment mode
- Whether the issue affects hosted, dedicated-hardware, or air-gapped/on-prem operation
- Reproduction steps if safe to provide
- Potential impact
- Suggested mitigation if known

## Response Expectations
We aim to respond within 48 hours. If you do not hear back, please follow up. We take security reports seriously but messages can occasionally be missed.

## Scope
- chtsafe.com and its subdomains
- chtsafe.eu, chtsafe.de
- chtpal.com, safeaichat.com, securecht.com
- ChtSafe mobile and desktop applications
- ChtSafe API, Team Members, Sims, media workflows, and ShinrAI-protected routing surfaces
- Customer-specific hosted, dedicated-hardware, and enterprise deployment surfaces operated with Innovius involvement

## Bug Bounty
We do not currently run a public bug bounty program. We may still offer rewards or public recognition depending on the impact of a valid report.

## Disclosure
Please avoid public disclosure until we have had a reasonable chance to investigate and remediate the issue. The public trust overview lives at https://chtsafe.com/security.html.

Last updated: 2026-04-07