At Tilaa, we consider the security of our systems a top priority. Despite our constant monitoring and security measures, vulnerabilities may still occur.
If you discover a security vulnerability in our infrastructure, we encourage you to report it to us. We value the assistance of the security community in keeping our platform safe.
Policy on Bug Bounties:
Tilaa does not currently operate a paid Bug Bounty program.
While we greatly appreciate your research, we cannot offer monetary rewards for vulnerability reports.
Rules of Engagement
We promise not to take legal action against researchers who discover and report security vulnerabilities, provided you adhere to the following guidelines:
- Do no harm: Do not execute attacks that could degrade our services (DoS/DDoS), disrupt customer data, or spam forms.
- Privacy First: Do not view, delete, or modify more data than is strictly necessary to demonstrate the vulnerability.
- Social Engineering: Physical attacks on our offices and social engineering (phishing) of our employees are strictly prohibited.
- Scope: This policy applies to Tilaa's infrastructure (MyTilaa, API, Website). Vulnerabilities in customer-managed VPSs should be reported to the customer, not to us.
How to Report
If you have found a vulnerability, please follow these steps:
- Email us: Send your report to support@tilaa.com.
- Details: Provide sufficient information to reproduce the problem (screenshots, code snippets, HTTP requests).
- Encryption: If the finding contains sensitive PII (Personally Identifiable Information), please ask for a secure transfer method first or encrypt your email using our PGP key (if available).
Our Commitment
In return for your responsible disclosure, we commit to:
- Acknowledge receipt of your report promptly.
- Handle your report with strict confidentiality.
- Keep you informed of the progress towards resolving the problem.
- Credit you for the discovery (if you wish) once the issue is resolved.