TAHAI Web Services logoTAHAI Web Services
MSP + MSSP operations suite

Start with Operational Intelligence. Use TAHAI PSA for service workflow and TAHAI IT Docs for documentation and client records.

Open OIMSP ops softwareMSSP opsPSA softwareDocumentationTrust
Security

Security posture for an MSP operations product company.

Prospective customers and reviewers can use this security summary as a starting point for TAHAI Web Services, Operational Intelligence, PSA, IT Docs, role boundaries, and responsible disclosure.

Report a concernTrust Centersecurity.txt

Last updated: June 9, 2026. This page is a public security summary. Formal enterprise, regulated-sector, or procurement-specific review may require additional documentation.

Security principles

  • Use least-access role assignments.
  • Keep client-facing visibility separate from internal operational work.
  • Report suspected vulnerabilities through responsible disclosure.
  • Avoid sending passwords, private keys, tokens, or regulated data through ordinary email.
  • Use written agreements for enterprise-specific security, compliance, and procurement requirements.

Operational Intelligence posture

Operational Intelligence is the flagship MSP operations product. Executive, service, project, finance, governance, records, and client-safe views should be assigned according to organization membership, role, entitlement, and work need.

TAHAI PSA role boundaries

TAHAI PSA should be used for service operations by users who need service workflow access. Ticket, dispatch, approval, project, and client-collaboration context may be sensitive and should be scoped accordingly.

TAHAI IT Docs role boundaries

TAHAI IT Docs separates billable internal roles from read-only Client View access. Owner and Staff accounts are billable internal seats. Client View is limited to approved client-facing material and cannot be used for internal operational work.

Customer-safe visibility

Client View users cannot create, edit, delete, invite users, manage members, access billing, access passwords or secrets, view internal docs or projects, toggle visibility, export organization data in bulk, run automation, or perform internal staff work.

Public website hardening

The company site publishes security headers, a sitemap, robots.txt, clean trust pages, a responsible disclosure page, and a machine-readable security.txt route.

Responsible disclosure

Report suspected vulnerabilities, exposed data, or sensitive security concerns through the responsible disclosure page. Include the affected domain, issue type, impact, reproduction steps, and any safe screenshots or logs.

Customer responsibilities

Customers are responsible for account hygiene, appropriate role assignment, strong authentication practices where available, safe handling of exported data, timely removal of inactive users, and review of client-facing visibility before sharing.

Enterprise review

For procurement, security questionnaires, or formal review requests, contact [email protected].

Looking for the MSP or MSSP product?

Start with Operational Intelligence, use PSA for service workflows, and keep operational records in IT Docs.

Open Operational IntelligenceMSP ops softwarePSA softwareDocumentation