Provider Vulnerability Disclosure Policy
Last Updated: February 20, 2026
Provider welcomes good-faith security research that helps keep Provider systems safe.
This policy does not authorize prohibited testing and does not create any warranties or expand Provider obligations.
1. Scope
This policy applies to security research and vulnerability reporting related to Provider-controlled systems and the Platform.
2. Rules of Engagement (Good-Faith Testing)
Without Provider's prior written authorization, researchers must not:
- perform denial-of-service testing;
- use automated scanners that degrade service;
- attempt to access, exfiltrate, modify, or delete data that is not their own;
- conduct phishing, social engineering, or physical security attacks;
- test third-party systems not controlled by Provider.
3. Reporting
Report suspected vulnerabilities to: security@tyria.app
Include:
- steps to reproduce;
- affected URLs/components;
- proof-of-concept details (if available);
- contact information.
4. Coordinated Disclosure
Please allow Provider reasonable time to investigate and remediate before public disclosure.
5. Safe Harbor (Good-Faith)
Provider will not pursue legal action for good-faith research that complies with this policy and applicable law. This safe harbor does not apply to actions that cause harm, disrupt services, or involve unauthorized access to data.
6. Contact
security@tyria.app