Security Disclosure
Security is core to our mission. We welcome the contribution of external security researchers.
Safe Harbor Policy
If you conduct security research in good faith and in accordance with this policy, we will consider your research authorized. We will not pursue legal action against you and will work with you to understand and resolve the issue quickly.
Reporting a Vulnerability
If you believe you have found a security vulnerability in TARE, please report it to us immediately.
What to Include
- Specific URL and parameter(s) affected.
- Browser version and OS.
- Steps to reproduce (POC script or video preferred).
Scope
In Scope
- app.tareops.com (Dashboard)
- tareops.com (Marketing)
- api.tareops.com
- Critical Data Exposure
Out of Scope
- DoS / DDoS Attacks
- Social Engineering / Phishing
- Physical security of offices
- Third-party services (Stripe, Vercel)
PGP Key
For sensitive disclosures, you may encrypt your email using our PGP key.
-----BEGIN PGP PUBLIC KEY BLOCK----- (Placeholder: 4096-bit RSA Key ID: 0xTAREOPS) ... -----END PGP PUBLIC KEY BLOCK-----