TIRNARA LLC

Security

We take the security of our products and our users seriously. If you believe you have found a security vulnerability in any Tirnara product or website, we want to hear from you.

How to report

Email security@tirnara.com with:

  • A clear description of the vulnerability.
  • Steps to reproduce it (or a proof-of-concept).
  • The product, URL, version, or component affected.
  • Any potential impact you have observed or expect.
  • How you would like to be credited if a fix is published (or that you prefer to remain anonymous).

Response expectations

We aim to:

  • Acknowledge your report within 5 business days.
  • Provide an initial assessment within 10 business days.
  • Keep you informed as we investigate and remediate.
  • Credit you in any public advisory, if you wish.

Scope

The following are in scope:

  • tirnara.com and any subdomain owned by Tirnara LLC.
  • Tirnara-published mobile and desktop applications.

The following are out of scope:

  • Findings from automated scanners that have not been validated.
  • Reports based solely on missing best-practice headers without a demonstrated impact.
  • Social engineering, physical attacks, or denial-of-service tests.
  • Issues in third-party services we use (please report those to the third party).

Safe harbor

If you make a good-faith effort to comply with this policy when researching and reporting a vulnerability, we will not initiate or pursue legal action against you for your research. We ask that you:

  • Avoid privacy violations, destruction of data, and interruption or degradation of our services.
  • Only interact with accounts you own or with explicit permission of the account holder.
  • Give us a reasonable amount of time to investigate and remediate before disclosing publicly.

security.txt

A machine-readable version of this policy is published at /.well-known/security.txt per RFC 9116.