Tailwind Reviews Vulnerability Disclosure Policy

Last Updated: February, 2026

Tailwind Reviews ("Tailwind Reviews") is committed to ensuring the security of our customers and their data. We value the security research community and encourage responsible disclosure of security vulnerabilities.

Scope

This policy applies to vulnerabilities discovered in:

Tailwind Reviews websites (tailwind.reviews and subdomains)
Tailwind Reviews applications
Tailwind Reviews APIs and backend services

Out of Scope

The following are not in scope for this program:

Third-party services and applications
Social engineering attacks
Physical security vulnerabilities
Denial of service attacks
Spam or social engineering techniques

Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please report it to us by emailing security@tailwind.reviews with the following information:

Description of the vulnerability
Steps to reproduce the issue
Potential impact of the vulnerability
Any suggestions for remediation

Our Commitment

When you report a vulnerability to us, we commit to:

Acknowledge receipt of your report within 48 hours
Provide an estimated timeline for addressing the vulnerability
Notify you when the vulnerability has been fixed
Not pursue legal action against researchers who follow this policy

Your Responsibilities

We ask that you:

Give us reasonable time to address the vulnerability before public disclosure
Make a good faith effort to avoid privacy violations and data destruction
Do not access or modify data that does not belong to you
Act in good faith to avoid degradation of our services

Recognition

We appreciate the security research community's efforts in helping us maintain the security of our platform. With your permission, we may publicly acknowledge your contribution to our security.