Security posture for a documentation-first IT product company.
Prospective customers and reviewers can use this security summary as a starting point for reviewing TAHAI Web Services, TAHAI IT Docs, Client View role boundaries, and responsible disclosure.
Last updated: May 10, 2026. This page is a public security summary. Formal enterprise, regulated-sector, or procurement-specific review may require additional documentation.
Security principles
- Use least-access role assignments.
- Keep client-facing visibility separate from internal operational work.
- Route suspected vulnerabilities through responsible disclosure.
- Avoid sending passwords, private keys, tokens, or regulated data through ordinary email.
- Use written agreements for enterprise-specific security, compliance, and procurement requirements.
TAHAI IT Docs role boundaries
TAHAI IT Docs separates billable internal roles from read-only Client View access. Owner and Staff accounts are billable internal seats. Client View is limited to approved client-facing material and cannot be used for internal operational work.
Customer-safe visibility
Client View users cannot create, edit, delete, invite users, manage members, access billing, access passwords or secrets, view internal docs or projects, toggle visibility, export organization data in bulk, run automation, or perform internal staff work.
Public website hardening
The company site publishes security headers, a sitemap, robots.txt, clean trust routes, a responsible disclosure page, and a machine-readable security.txt route.
Responsible disclosure
Report suspected vulnerabilities, exposed data, or sensitive security concerns through the responsible disclosure page. Include the affected domain, issue type, impact, reproduction steps, and any safe screenshots or logs.
Customer responsibilities
Customers are responsible for account hygiene, appropriate role assignment, strong authentication practices where available, safe handling of exported data, timely removal of inactive users, and review of client-facing visibility before sharing.
Enterprise review
For procurement, security questionnaires, or formal review requests, contact [email protected].
