# Security Policy for ATABAS GROUP
# RFC 9116 Compliant Security Contact Information

Contact: mailto:info@atabas.com.tr
Contact: https://atabas.com.tr/security-report/
Expires: 2027-02-15T23:59:59.000Z
Encryption: https://atabas.com.tr/pgp-key.txt
Encryption: openpgp4fpr:BCBC8CD4DA78F83416E4B44F177264F586C7A8ED4
Preferred-Languages: en, tr
Canonical: https://atabas.com.tr/.well-known/security.txt
Acknowledgments: https://atabas.com.tr/security-acknowledgments/
Policy: https://atabas.com.tr/security-policy/
Hiring: https://atabas.com.tr/careers/

# About ATABAS GROUP
# Company: ATABAS GROUP (Atabaş Grup Dış Ticaret Ltd. Şti.)
# LEI: 984500DB9C2D71FF8846
# Location: Istanbul, Turkey
# Website: https://atabas.com.tr
# Established: 1981

# Scope
# This security policy covers:
# - Website and web applications (atabas.com.tr)
# - Email systems (@atabas.com.tr domain)
# - Customer portals and trading platforms
# - Internal business systems

# Response Timeline
# - Initial acknowledgment: Within 48 hours
# - Status update: Within 7 business days
# - Resolution timeline varies by severity:
#   * Critical: 24-48 hours
#   * High: 7 days
#   * Medium: 30 days
#   * Low: 90 days

# Safe Harbor
# ATABAS GROUP is committed to working with security researchers
# who follow responsible disclosure practices. We will not pursue
# legal action against researchers who:
# - Act in good faith
# - Do not compromise user data or system availability
# - Report vulnerabilities promptly
# - Follow our disclosure timeline

# Out of Scope
# - Third-party services not under our direct control
# - Issues requiring unlikely user interaction
# - Social engineering attacks
# - Physical security issues

# Thank you for helping keep ATABAS GROUP secure.