Security Disclosure
Security is core to our mission. We welcome the contribution of external security researchers.
Safe Harbor Policy
If you conduct security research in good faith and in accordance with this policy, we will consider your research authorized. We will not pursue legal action against you and will work with you to understand and resolve the issue quickly.
Reporting a Vulnerability
If you believe you have found a security vulnerability in TARE, please report it to us immediately.
What to Include
- Specific URL and parameter(s) affected.
- Browser version and OS.
- Steps to reproduce (POC script or video preferred).
Scope
In Scope
- app.tareops.com (Dashboard)
- tareops.com (Marketing)
- api.tareops.com
- Critical Data Exposure
Out of Scope
- DoS / DDoS Attacks
- Social Engineering / Phishing
- Physical security of offices
- Third-party services (Stripe, Vercel)
PGP Key
For sensitive disclosures, you may encrypt your email using our PGP key.
-----BEGIN PGP PUBLIC KEY BLOCK----- mDMEaY/fKhYJKwYBBAHaRw8BAQdAJa6m7EmGCxvL/fLLWIBPQ8qTPpHdvCZoDcey 7p+AsR60IktldmluIE8nQ29ubm9yIDxrZXZpbkB0YXJlb3BzLmNvbT6ImQQTFgoA QRYhBEd9rbN6LYMQOKKWSH4DRcXiXENPBQJpj98qAhsDBQkB4TOABQsJCAcCAiIC BhUKCQgLAgQWAgMBAh4HAheAAAoJEH4DRcXiXENPTPkBAJXwUosdQCoo4/IgTC0Y vKQFgWHEID5T/cNXYueJExCfAQDqcqxwoi4/s04FTZY1icf2kVfiu298bi2mgwdQ vjyNALg4BGmP3yoSCisGAQQBl1UBBQEBB0CcaPFV82eySvFb+IjRBuxPsS/TS3ZS 4CTTPlFjqLO8DAMBCAeIeAQYFgoAIBYhBEd9rbN6LYMQOKKWSH4DRcXiXENPBQJp j98qAhsMAAoJEH4DRcXiXENPj3UA/iOrCp67/4NaIm0Q2/4rM9pTYJOAyJtF4eNf TqQZyZtfAP4lEddADSP0HD/XeqvWMs3uoSYvQQZKi2ZW4CCQEXxoAA== =UGlR -----END PGP PUBLIC KEY BLOCK-----