Report security concerns safely.
Use this route for suspected vulnerabilities, exposed data, or sensitive security concerns involving TAHAI Web Services, Operational Intelligence, PSA, IT Docs, or related public links.
How to report
Email [email protected] with a clear subject line such as “Responsible Disclosure Report.” Include the affected domain, issue type, impact, reproduction steps, and safe screenshots or logs.
Safe testing expectations
- Do not access, modify, delete, or exfiltrate data that does not belong to you.
- Do not disrupt service availability or attempt destructive testing.
- Do not perform social engineering, phishing, spam, or physical attacks.
- Stop testing and report promptly if you encounter sensitive data.
What to include
Include the affected URL or product route, a concise technical description, impact, steps to reproduce, any relevant request/response details with secrets redacted, and your contact information.
What not to send
Do not send passwords, private keys, access tokens, customer secrets, regulated data, or large data dumps through ordinary email.
No bounty program
Unless separately agreed in writing, TAHAI Web Services does not operate a public bug bounty program and does not promise compensation for reports.
Machine-readable route
The canonical security contact file is available at /.well-known/security.txt.
Start with Operational Intelligence, use PSA for service workflows, and keep operational records in IT Docs.