Contact: mailto:security@lucida.health
Expires: 2027-01-01T00:00:00.000Z
Preferred-Languages: en
Policy: https://lucida.health/security
Canonical: https://lucida.health/.well-known/security.txt

# Lucida is a HIPAA-covered platform handling protected health information (PHI).
# If you believe you've discovered a security vulnerability affecting Lucida or
# any clinic using Lucida, please email security@lucida.health BEFORE public
# disclosure. We acknowledge reports within 2 business days.
#
# Please do NOT:
#  - Access, modify, or exfiltrate any production patient data.
#  - Perform load testing or denial-of-service against production.
#  - Use automated scanners against a live clinic.
#
# Please DO include:
#  - Steps to reproduce
#  - Affected URL and clinic ID (if relevant)
#  - Your contact info for follow-up