Tailwind Reviews Vulnerability Disclosure Policy
Last Updated: February, 2026
Tailwind Reviews ("Tailwind Reviews") is committed to ensuring the security of our customers and their data. We value the security research community and encourage responsible disclosure of security vulnerabilities.
This policy applies to vulnerabilities discovered in:
- Tailwind Reviews websites (tailwind.reviews and subdomains)
- Tailwind Reviews applications
- Tailwind Reviews APIs and backend services
The following are not in scope for this program:
- Third-party services and applications
- Social engineering attacks
- Physical security vulnerabilities
- Denial of service attacks
- Spam or social engineering techniques
If you believe you have discovered a security vulnerability, please report it to us by emailing security@tailwind.reviews with the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggestions for remediation
When you report a vulnerability to us, we commit to:
- Acknowledge receipt of your report within 48 hours
- Provide an estimated timeline for addressing the vulnerability
- Notify you when the vulnerability has been fixed
- Not pursue legal action against researchers who follow this policy
We ask that you:
- Give us reasonable time to address the vulnerability before public disclosure
- Make a good faith effort to avoid privacy violations and data destruction
- Do not access or modify data that does not belong to you
- Act in good faith to avoid degradation of our services
We appreciate the security research community's efforts in helping us maintain the security of our platform. With your permission, we may publicly acknowledge your contribution to our security.
For security-related inquiries, please contact: security@tailwind.reviews
[END OF VULNERABILITY DISCLOSURE POLICY]
