Responsible Disclosure
Last updated: June 11, 2026
TenEightOne OP welcomes reports from security researchers acting in good faith. If you discover a potential vulnerability, we ask that you disclose it responsibly so we can protect our customers and their data.
How to Report
Email security@teneightone.com with the details of your finding. Good-faith reports will be reviewed, and we appreciate the effort that goes into responsible disclosure.
Please Include
- A clear description of the issue and its potential impact
- Step-by-step instructions to reproduce it
- The affected URL, endpoint, or area of the Service
- Screenshots or logs, if available
- Your contact information so we can follow up
Please Do Not
To keep customers safe, we ask researchers not to:
- Perform destructive testing or anything that could degrade or disrupt the Service
- Attempt credential attacks (such as brute-forcing or password spraying)
- Exfiltrate, download, or retain data that is not your own
- Access, modify, or delete other users' accounts or data
- Conduct denial-of-service or load-testing attacks
- Publicly disclose the issue before we have had a reasonable opportunity to address it
Our Commitment
We will review good-faith reports that follow these guidelines and work to address confirmed issues in a reasonable timeframe. We ask for your patience and discretion while we investigate and remediate.