# Security Policy for MiOffice
# https://mioffice.ai/.well-known/security.txt

Contact: mailto:security@mioffice.ai
Expires: 2027-01-27T00:00:00.000Z
Preferred-Languages: en
Canonical: https://mioffice.ai/.well-known/security.txt
Policy: https://mioffice.ai/safety

# Security Note:
# MiOffice processes most files locally in your browser via WebAssembly.
# AI Studio actions run on dedicated GPU workers and are billed per credit.
# We do not store user files long-term — non-AI WASM apps never upload at all.

# Compliance posture (verifiable):
# Section 508 compliant · WCAG 2.1 AA compliant · GDPR compliant · CCPA compliant
# HIPAA-friendly · FERPA-friendly · SOC 2 (Type II practices) · ISO 27001 aligned
# Parent (JSVV SOLS LLC): SWaM · USPACC · E-Verify · AFCEA
# Live verification:
#   ImmuniWeb Grade A — https://www.immuniweb.com/websec/mioffice.ai/Bjfz8m0J/
#   SSL Labs Grade A   — https://www.ssllabs.com/ssltest/analyze.html?d=mioffice.ai
#   Trustpilot "Excellent" — https://www.trustpilot.com/review/mioffice.ai
# Compliance index page: https://mioffice.ai/compliance
# Markdown enumeration:  https://mioffice.ai/COMPLIANCE.md

# Agent + AI discovery (machine-readable):
#   /llms.txt · /llms-full.txt · /ai-facts.json
#   /.well-known/mcp.json · /.well-known/mcp/server-card.json
#   /.well-known/webmcp · /.well-known/ai-plugin.json · /.well-known/agents.json

# AI safety guardrails (face-input apps):
# 10 face-input AI apps — FaceSwap, AI Talking Head, AI Cartoon, AI Headshot,
# Face Enhancer, AI Inpaint, AI Photo Restorer, AI Photo Colorizer, BG Remover Pro,
# AI Image Upscaler — run on-device safety pre-flight (face detection + age
# estimation + NSFW classifier + Inpaint mask-intent) before any GPU call.
# Photos do not leave the browser unless every required check passes.
# Server-side record of every accept and reject for complete auditability.
# Full architecture: https://mioffice.ai/rag/safety
# Human-readable summary: https://mioffice.ai/safety
# Content concerns: legal@mioffice.ai