Tana – VDP

Tana

At Tana, we are on a mission to reinvent how humans, teams and computers work together.

  • Reward range: 50 - 500 points per eligible submission

  • Response SLA: 36 hours (initial response time)

  • Average time to resolution: 2 months (from submission to payout)

  • Vulnerabilities rewarded: 3

  • Validation within: 31 hours

Your Data, Our Commitment for Tana

At HuntBug, we’re proud to partner with Tana to ensure your data is handled with the utmost care and transparency. This document isn’t a legal contract but a detailed overview of Tana’s privacy practices and security philosophy, designed to give you confidence in how we protect your information. For the complete details, please refer to Tana’s Privacy Policy and Terms and Conditions on their website.

It’s Your Data

Your data belongs to you, and Tana is committed to keeping it that way. Here’s how we ensure your control and ownership:

  • No selling or advertising. Tana will never sell your data or use it for advertising purposes. Your information stays yours, and we don’t exploit it for profit.

  • Unchanged ownership. The ownership and copyright status of the data you upload to Tana remain fully yours. We don’t claim any rights over your content.

  • Seamless data export. You can export your data from Tana at any time, in a straightforward and accessible format, ensuring you’re never locked in.

  • Transparency in data use. We only process your data to provide and improve Tana’s services, and we’re upfront about how it’s handled.

Your Privacy is Our Priority

Tana takes your privacy seriously, and we’ve built strict safeguards to protect your private information:

  • No unauthorized access. We will not read or access your private notes without your explicit written or verbal consent. Your personal workspace is yours alone.

  • Controlled employee access. Tana employees cannot access your private data unless you explicitly authorize it. For example, if you need support and choose to grant access to your workspace, we log the request and provide temporary access to designated support personnel only.

  • Audited database access. A limited number of Tana employees have access to our production database to ensure the platform runs smoothly. Every access is logged, and we conduct regular audits to monitor for unauthorized activity. If an audit uncovers any issues, we’ll launch an immediate internal investigation and make any required notifications under applicable laws.

  • Clear consent protocols. If you grant access for support or other purposes, we ensure the process is documented, time-limited, and revoked once the task is complete.

Security is Our Mission

Security isn’t a one-time effort—it’s a continuous commitment. Tana, hosted on HuntBug, employs industry-leading practices to keep your data safe:

  • Robust technical safeguards. We use tools like Dependabot to monitor and address vulnerable dependencies in real time. Our app enforces a strict content security policy (CSP) to prevent unauthorized scripts or actions.

  • Encrypted data storage. Your data is stored in Google Cloud, where it’s encrypted both at rest (using 256-bit AES encryption) and in transit (via HTTPS TLS protocols). This ensures that even Google cannot access your data.

  • Regular security audits. We periodically engage trusted, independent third parties to conduct comprehensive security reviews, ensuring our defenses stay ahead of emerging threats.

  • Proactive vulnerability management. Our team continuously monitors for potential risks, patches vulnerabilities promptly, and updates our systems to maintain a secure environment.

  • Compliance with standards. Tana adheres to industry standards like SOC 2 Type II and GDPR, ensuring our practices meet rigorous criteria for security, availability, and confidentiality.

Found a Security Issue?

We deeply value the contributions of responsible security researchers who help us keep Tana secure. For sensitive information, you can encrypt your report using our PGP key, available on Tana’s website.

How to Report a Vulnerability

  • Submit detailed reports. Include a clear description of the vulnerability, steps to reproduce it, and, if possible, a proof of concept or video demonstration.

  • Secure communication. Use our PGP key for encrypted submissions to protect sensitive details.

  • Timely response. We aim to acknowledge your report within 3 business days and work with you to validate and resolve the issue.

  • Responsible disclosure. Please refrain from publicly disclosing the vulnerability until we’ve had a chance to address it, in line with responsible disclosure practices.

Our Commitment to Researchers

We’re grateful for your efforts to make Tana safer. While we don’t currently offer a formal bug bounty program, we review all submissions seriously and may provide recognition or rewards at our discretion, depending on the severity and impact of the reported issue.

Our Ongoing Promise

At Tana, hosted on HuntBug, we’re dedicated to earning your trust every day. We strive to create a platform where you can work confidently, knowing your data is secure, private, and under your control. By partnering with HuntBug, we leverage the global security community’s expertise to strengthen our defenses and protect our users.

We’re here to help.

Follow these steps to begin finding and reporting vulnerabilities.