How to report a security issue.

If you've found a vulnerability or have a security concern with this site, please reach out before posting publicly. We treat researchers well.

Where to report

Email security@tamkis.com. Our machine-readable disclosure policy is at /.well-known/security.txt.

What to expect

• Acknowledgement within 48 hours.
• Triage within 5 business days.
• Status updates while we work on a fix.
• Public credit, if you'd like it, once the issue is resolved.
• No legal action against good-faith security research.

Compliance

We're a small studio. We don't claim certifications we don't hold. If your procurement requires SOC 2, ISO 27001, HIPAA, or similar attestations for an engagement, talk to us early — we can design the work around your compliance perimeter.

Other contact

For anything else on security or compliance: security@tamkis.com.