Contact and questionnaires

Security contact

If you have a security concern, vulnerability report, or need to discuss Tideflow's security posture, contact us at:

Security issues — hello@tideflow.au with the subject line [SECURITY] <short summary>
General support — support@tideflow.au
Privacy questions — privacy@tideflow.au

Reporting a vulnerability

When reporting a security issue, please include as much of the following as possible:

The affected endpoint or feature
Steps to reproduce or a proof-of-concept
Your assessment of severity and impact
Any mitigations you have already identified

Do not open a public GitHub issue for security findings. Use the email address above so the team can coordinate a fix before any public disclosure.

Response expectations

Step	Target timeframe
Acknowledgement	Within 2 business days
Triage and next-step update	Within 5 business days
Fix timeline	Depends on severity, exploitability, and rollout risk

Tideflow may request coordinated disclosure until a patch is deployed.

Security questionnaires

If your organisation requires a security questionnaire or vendor assessment before using Tideflow, email hello@tideflow.au with the questionnaire attached or a link to your assessment portal. The team will complete it and return it as quickly as possible.

What we can share

Tideflow can provide details on the following topics during a security review:

Hosting infrastructure and provider relationships
Authentication and access control model
Data handling, encryption, and retention policies
Webhook signature verification and inbound request validation
Incident response and disclosure practices

Security overview— High-level hosting, authentication, and security posture.
Data handling— Categories of data Tideflow processes.
Retention and deletion— How data is retained and how to request removal.

Security contact

Reporting a vulnerability

Response expectations

Security questionnaires

What we can share

Related