Security Policy

Our commitment to security and vulnerability reporting

v1.6.2

Security Commitment

At FlyWithTSA, we take security seriously. We are committed to protecting our users' data and maintaining the highest standards of security for our TSA rules guide and airport security information service.

Security Practices

We implement industry-standard security measures to protect our systems and user data:

  • Data Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Strict access controls and authentication for administrative functions
  • Regular Updates: Continuous monitoring and regular security updates
  • Security Headers: Comprehensive security headers including X-Frame-Options, X-Content-Type-Options, and more
  • Bot Protection: Advanced bot detection and API route protection

Vulnerability Reporting

We welcome reports of security vulnerabilities from security researchers and the community. If you discover a security issue, please report it to us responsibly.

Report Security Issues

Please send all security-related reports to:

We aim to respond to all security reports within 24 hours.

Responsible Disclosure

We follow responsible disclosure practices:

  • Timely Response: We commit to responding to security reports within 24 hours
  • Collaboration: We work with researchers to understand and validate reported issues
  • Transparency: We provide regular updates on the status of reported vulnerabilities
  • Recognition: We acknowledge security researchers who responsibly report issues

What to Include in Reports

To help us quickly understand and address security issues, please include:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Suggested remediation (if applicable)
  • Your contact information for follow-up questions

Out of Scope

The following are generally considered out of scope for our security program:

  • Social engineering attacks
  • Physical security testing
  • Denial of service (DoS) attacks
  • Spam or phishing campaigns
  • Third-party services not under our direct control

Security Updates

We regularly update our security practices and policies. This security policy may be updated to reflect new security measures or changes in our approach to security.

Last Updated: January 27, 2025