Report security concerns safely.
Use this route for suspected vulnerabilities, exposed data, misconfiguration concerns, or sensitive security issues involving TAHAI Web Services public surfaces or TAHAI IT Docs routes.
Last updated: May 10, 2026.
This disclosure route is for good-faith security reporting. It does not authorize unsafe testing, destructive activity, access to third-party accounts, or access to data that is not yours.
How to report
Email [email protected] with a concise description, affected URL or domain, issue type, expected impact, reproduction steps, safe screenshots or logs, and your contact information.
Safe testing expectations
- Do not access, modify, delete, copy, or exfiltrate data that is not yours.
- Do not perform denial-of-service testing, destructive testing, spam, phishing, social engineering, or physical attacks.
- Do not attempt persistence, lateral movement, privilege abuse, or repeated probing after confirming an issue.
- Stop testing and report immediately if you encounter sensitive data.
- Do not publicly disclose details before TAHAI Web Services has had a reasonable opportunity to investigate.
What to include
- Affected domain, route, or product surface.
- Issue category and plain-English impact.
- Minimal steps to reproduce safely.
- Evidence that does not expose other users, secrets, or private data.
- Suggested mitigation, if known.
What not to send
Do not send passwords, tokens, private keys, regulated data, or bulk data. If sensitive data is involved, describe the type of exposure without including the data itself unless TAHAI Web Services provides an appropriate secure channel.
No bounty program
TAHAI Web Services does not publish a public bug-bounty reward commitment on this page. Reports are still appreciated and will be reviewed based on severity, clarity, and safety.
Machine-readable route
Security researchers can also use /.well-known/security.txt, which points back to this responsible disclosure page and the security contact mailbox.
