Vulnerability Disclosure

We take security seriously and welcome responsible disclosure of vulnerabilities.

Report vulnerabilities to

Responsible Disclosure Policy

We believe that working with skilled security researchers can help identify weaknesses in our platform. If you discover a vulnerability, please report it responsibly.

Reporting Process

Discover a potential security vulnerability

Report it to security@tanpan.ai with detailed steps to reproduce

We will acknowledge your report within 48 hours

We will work on a fix and coordinate disclosure with you

Scope

In Scope

TANPAN.AI web application (tanpan.ai)
API endpoints
Authentication and authorization
Payment flow

Out of Scope

—Social engineering attacks
—Denial of service (DoS/DDoS)
—Third-party services and websites
—Attacks requiring physical access

Our Commitments

No legal action against good-faith security researchers
Timely acknowledgment and fix of confirmed vulnerabilities
Credit in our Security Hall of Fame (with your permission)
Transparent communication throughout the process