Security Policy
First published: February 27, 2026
Last updated: February 27, 2026
1. Scope#
This Security Policy applies to:
https://gigatap.tophttps://docs.gigatap.top
Operational security procedures for VPN infrastructure at https://vpn.gigatap.top are managed under separate service documentation.
2. Reporting Security Issues#
Primary reporting channel:
https://t.me/GigaTapVPN_Support_Bot
Encrypted reporting key:
https://gigatap.top/.well-known/pgp-key.asc- PGP fingerprint:
7826 28E8 5DE1 82A4 9A75 6ACF 806B A3F2 7F45 F7D9
Please include:
- affected URL/path,
- reproducible steps,
- proof-of-concept or logs,
- impact assessment,
- suggested mitigation if available.
3. Response SLA#
- Acknowledgement target: within 72 hours.
- Triage and severity classification: as soon as practical after acknowledgement.
- Fix and disclosure timing depends on severity, exploitability, and operational constraints.
4. Responsible Disclosure#
We request coordinated disclosure:
- do not publicly disclose exploitable details before remediation or coordination,
- provide reasonable time for validation and patching,
- avoid privacy-impacting publication of user data.
5. Safe Harbor (Good Faith Research)#
We support good faith security research when testing stays within legal and ethical boundaries and avoids user harm.
We consider activities out of scope if they involve:
- social engineering of staff/community,
- physical attacks,
- denial-of-service attacks,
- spam or destructive testing,
- unauthorized access to third-party infrastructure.
6. Security Controls Overview#
Current controls include, among others:
- HTTPS and HSTS enforcement,
- strict security headers,
- Content Security Policy with controlled script/connect/frame sources,
- Permissions-Policy hardening,
- dependency and supply-chain monitoring in build workflow,
- segmented optional third-party scripts behind user consent.
7. Incident Handling#
We maintain incident response runbooks and prioritize containment, impact reduction, and service recovery.
Depending on incident type, actions may include:
- temporary feature restriction,
- key/token rotation,
- infrastructure hardening,
- post-incident review and control updates.
8. Dependency and Platform Security#
Application security also depends on third-party providers and libraries. We regularly update dependencies and may deprecate integrations that no longer meet security or privacy standards.
9. Policy Updates#
This policy is updated as architecture, legal requirements, or threat models evolve. The “Last updated” date marks the current version.
10. Related Documents#
- Privacy Policy:
/privacy-policy - Security contact file:
/.well-known/security.txt - PGP key:
/.well-known/pgp-key.asc