Trust Center policy

Provider Vulnerability Disclosure Policy

Rules of engagement and safe-harbor process for good-faith security research.

Back to Trust CenterBack to the Engine
Document type
Published policy
Public policy page
Last updated
February 20, 2026
Current published revision
Access
Public
No authentication required

Provider Vulnerability Disclosure Policy

Last Updated: February 20, 2026

Provider welcomes good-faith security research that helps keep Provider systems safe.

This policy does not authorize prohibited testing and does not create any warranties or expand Provider obligations.

1. Scope

This policy applies to security research and vulnerability reporting related to Provider-controlled systems and the Platform.

2. Rules of Engagement (Good-Faith Testing)

Without Provider's prior written authorization, researchers must not:

  • perform denial-of-service testing;
  • use automated scanners that degrade service;
  • attempt to access, exfiltrate, modify, or delete data that is not their own;
  • conduct phishing, social engineering, or physical security attacks;
  • test third-party systems not controlled by Provider.

3. Reporting

Report suspected vulnerabilities to: security@tyria.app

Include:

  • steps to reproduce;
  • affected URLs/components;
  • proof-of-concept details (if available);
  • contact information.

4. Coordinated Disclosure

Please allow Provider reasonable time to investigate and remediate before public disclosure.

5. Safe Harbor (Good-Faith)

Provider will not pursue legal action for good-faith research that complies with this policy and applicable law. This safe harbor does not apply to actions that cause harm, disrupt services, or involve unauthorized access to data.

6. Contact

security@tyria.app