# Security Policy

## Reporting

Report suspected security vulnerabilities affecting Cabranet Digital SL,
Saspien, this website, or the Saspien Verifier to:

- Email: hello@cabranetdigital.com
- Canonical security.txt: https://cabranetdigital.com/.well-known/security.txt
- Preferred languages: English or Spanish

Please include the affected URL or component, a clear reproduction path,
expected and observed behaviour, and the potential impact. Do not include
credentials or personal data unless necessary to explain the issue.

## Responsible Testing

Avoid destructive testing, denial of service, automated high-volume traffic,
privacy violations, social engineering, and access to data that is not your
own. Stop testing and report the issue if you encounter sensitive information.

The public Saspien Verifier is intentionally rate-limited and rejects private,
reserved, local, and non-HTTPS targets. Please do not attempt to bypass those
controls.

## Scope Notes

This policy is a reporting channel, not a bug-bounty promise or authorization
to access systems. Cabranet Digital SL will assess reports in good faith and
respond as capacity allows.

Last reviewed: 2026-06-12