# Black Relay Site Security Policy

Use `mailto:hei@blackrelay.network` for vulnerabilities that affect the public Black Relay website at `*.blackrelay.network`.

Reports should include the affected URL, reproduction steps, browser or client details, and the likely impact. Keep proof-of-concept material minimal and avoid including secrets, private player data, credentials or unrelated third-party information.

PGP is not supported for this contact route. Security mail is handled through Tuta/Tutanota's encrypted mailbox format.

Use the affected repository's GitHub Security reporting flow for repository code, dependency, CI, release or deployment issues:
- `blackrelay/site` for this website.
- `blackrelay/api` for the public API Worker.
- `blackrelay/registry` for the Registry source-of-truth indexer and data pipeline.

For issues in EVE Frontier, CCP Games, Fenris Creations, Cloudflare, Tuta/Tutanota, GitHub or other third-party services, use that party's own security contact.
