Tarosyn Security Policy

Tarosyn LLC takes the security of your account and spiritual data seriously. This page outlines our security practices and how to report vulnerabilities.

Security Practices

• All data in transit is encrypted with TLS 1.2 or higher.
• Passwords are hashed using bcrypt; no plaintext credentials are stored.
• Session tokens are signed and use strict SameSite cookie policies.
• Infrastructure access requires multi-factor authentication.
• Regular security reviews and dependency audits are part of our engineering workflow.
• Audit logs are retained for all administrative and privileged operations.

Responsible Disclosure

If you have discovered a security vulnerability in Tarosyn, please report it responsibly. We have a formal Vulnerability Disclosure Policy with a safe-harbor commitment and a defined response timeline.

Security Contact

Email [email protected] to report security issues. For critical vulnerabilities, please encrypt your message using our PGP key listed on the disclosure page.

Incident Response

We are committed to notifying affected users within 72 hours of a confirmed breach. See our Incident Response Policy for details.

Trust Center · Vulnerability Disclosure · Security Acknowledgements