Security is important to us at Tamara. We constantly strive to ensure our customers feel safe and secure using our services. If you believe you have discovered a potential security vulnerability on any of our Tamara domains, report your findings to us so we can fix it as soon as possible - and earn rewards!

Your reward will be reflected within 14 days from the date you submitted the report. You will be notified via email, SMS, or push notification.

• If you have an account on Bugcrowd, request an invitation to our Vulnerability Disclosure Program (send an invite).
• Otherwise, email your findings to security@tamara.co

• Please provide a clear, concise description, along with steps to reproduce, Proof-of-Concept, URL, and details of the vulnerable system when submitting a vulnerability.
• Please give us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. Depending on the severity of the issue, it may take us a few days to get back to you with feedback.

• Denial of Service or brute force attacks unless they expose confidential data.
• Spam or social engineering techniques conducted on any Tamara employee, vendor or contractor.
• Vulnerabilities only affecting users of outdated or unpatched browsers and platforms.
• Password policy, Absence SPF/DMARC, Missing Security Header, Self-XSS, Login/Logout CSRF, Lacking CSRF (unless affect sensitive user action).