Security

Last updated: July 15, 2026

We build systems for other people's businesses, so it would be strange to run a careless website. This page describes how taqi.io is actually built and how to reach us about a security problem.

Reporting a vulnerability

Found something? Email security@taqi.io with enough detail to reproduce it. We aim to acknowledge reports within 3 business days. Please give us a reasonable opportunity to fix the issue before disclosing it publicly.

We do not currently run a paid bug bounty, so we cannot offer a reward. We will not pursue legal action against researchers who report issues in good faith, act in a way that respects the privacy of others, avoid degrading our services, and do not access or modify data that is not their own. Please do not run automated scanning that generates significant traffic, and do not attempt social engineering, physical attacks, or denial of service.

A machine-readable version of this contact information is published at /.well-known/security.txt.

How this site is built

This is a static website. There is no application server, no database, and no user accounts. That eliminates entire categories of risk rather than mitigating them, which is the point.

Data we hold from this site

The only personal data this site collects is what you type into the contact form, which our host processes and forwards to our email. We ask for the minimum needed to reply to you, and nothing about you is sold or shared for advertising. Details are in our Privacy Policy.

Infrastructure

The site is hosted by Netlify, and our email runs on Google Workspace. Both are responsible for the security of their own platforms under their respective agreements with us. Access to our hosting and domain accounts is limited to people who need it and protected by multi-factor authentication.

What this page is not

We want to be straight with you: this page describes the security of this website. It is not a certification, an audit report, or a compliance attestation, and we do not claim to hold one. If you are evaluating Taqi for an engagement and need to discuss how we would handle security within your environment — including your own compliance requirements — that is a conversation we are glad to have. Start it at hello@taqi.io.