# security.txt — Just Say It (RFC 9116)
#
# HOSTING REQUIREMENT (do not skip): this file MUST be served at
#   https://jastsayit.com/.well-known/security.txt
# over TLS, with Content-Type: text/plain; charset=utf-8. RFC 9116 requires the
# canonical location to be /.well-known/security.txt; a copy at the web root is
# permitted but the well-known path is authoritative. This file is the in-repo
# source of truth — deploy it to the host, do not hand-edit on the host.
#
# Domain confirmed: jastsayit.com (same Cloudflare zone as dl.jastsayit.com).
# Contact set to the owner's monitored inbox (2026-06-09).
# OWNER ACTION still required before this is SERVED on the web:
#   - Deploy the apex site so this resolves at the URL above (see site/ and site/README.md).
#   - Confirm the Policy URL resolves to the published privacy page once hosted.
#   - Re-issue (bump Expires) at least annually, and whenever contact details change.
#   - Optional once a signing key exists: add an Encryption (PGP) line and sign this file.

Contact: mailto:hello@jovanauniverse.com
Expires: 2027-06-07T00:00:00Z
Preferred-Languages: en, zh-Hant, zh-Hans
Canonical: https://jastsayit.com/.well-known/security.txt
Policy: https://jastsayit.com/privacy