# HAQQ Security Contact Information
# https://haqq.ai
# RFC 9116 Compliant

# Security Contact
Contact: mailto:security@haqq.ai
Contact: https://haqq.ai/security

# Encryption
# PGP key available upon request to security@haqq.ai

# Policy
Policy: https://haqq.ai/security
Policy: https://haqq.ai/terms-and-conditions

# Acknowledgments
# We appreciate security researchers who help keep HAQQ secure.
Acknowledgments: https://haqq.ai/security#acknowledgments

# Preferred Languages
Preferred-Languages: en, ar, fr, es

# Canonical URL
Canonical: https://haqq.ai/.well-known/security.txt

# Expiration
Expires: 2027-02-04T00:00:00.000Z

# Hiring
Hiring: https://haqq.ai/careers

# ============================================================================
# VULNERABILITY DISCLOSURE POLICY
# ============================================================================

# Scope
# -----
# - haqq.ai and all subdomains
# - HAQQ mobile applications (iOS, Android)
# - HAQQ API endpoints
# - Justinian AI Engine interfaces

# Out of Scope
# ------------
# - Social engineering attacks
# - Physical security attacks
# - Denial of service attacks
# - Third-party services and applications

# Reporting Guidelines
# --------------------
# 1. Email security@haqq.ai with detailed vulnerability report
# 2. Include steps to reproduce the issue
# 3. Provide proof of concept if possible
# 4. Allow reasonable time for remediation before disclosure

# What We Promise
# ---------------
# - Acknowledgment within 48 hours
# - Regular updates on remediation progress
# - No legal action for good-faith research
# - Credit in security acknowledgments (if desired)

# What We Ask
# -----------
# - Do not access or modify other users' data
# - Do not disrupt our services
# - Do not publicly disclose until we've addressed the issue
# - Act in good faith

# ============================================================================
# SECURITY CERTIFICATIONS
# ============================================================================

# SOC 2 Type II Certified
# - Audited by independent third-party
# - Covers Security, Availability, Confidentiality

# ISO 27001 Certified
# - Information Security Management System
# - Comprehensive security controls

# ISO 42001 Certified
# - AI Management System
# - Responsible AI governance

# GDPR Compliant
# - EU data protection standards
# - Privacy by design

# ============================================================================
# SECURITY MEASURES
# ============================================================================

# Encryption
# - Data at rest: AES-256
# - Data in transit: TLS 1.3
# - End-to-end encryption for sensitive data

# Access Controls
# - Role-based access control (RBAC)
# - Multi-factor authentication (MFA)
# - Principle of least privilege

# Monitoring
# - 24/7 security monitoring
# - Intrusion detection systems
# - Real-time alerting

# Infrastructure
# - Secure cloud hosting
# - Regular penetration testing
# - Automated vulnerability scanning

# ============================================================================
# INCIDENT RESPONSE
# ============================================================================

# Security Incident Contact: security@haqq.ai
# Emergency Contact: +961 (available upon request)

# Response Times
# - Critical: 4 hours
# - High: 24 hours
# - Medium: 72 hours
# - Low: 7 days

# ============================================================================
# ADDITIONAL CONTACTS
# ============================================================================

# General: info@haqq.ai
# Legal: legal@haqq.ai
# Privacy: privacy@haqq.ai
# Enterprise: enterprise@haqq.ai
# Careers: careers@haqq.ai