VULNERABILITY DISCLOSURE POLICY
Effective May 2026
This policy outlines the guidelines for identifying and reporting security concerns related to TANITA consumer connected products ranged by Tanita Australia (Milner's Pty Ltd, an authorised representative of TANITA in Australia).
We ask that you review these terms thoroughly and ensure your research remains in full compliance before submitting a report.
How to Report a Vulnerability
If you have identified a potential security vulnerability, please email info@tanita.eu.
To help us address the issue effectively, your report should include:
• Your Identity: Full name and contact details.
• Product Details: The specific model number (must be on our "Products Covered" list).
• Discovery Timeline: When the vulnerability was first identified.
• Methodology: The tools or devices used during your research.
• Technical Breakdown: A clear description of the vulnerability and its potential impact.
• Supporting Evidence: Any relevant screenshots, logs, or attachments.
The Remediation Process
Once a report is submitted, you can expect the following timeline:
• Acknowledgment: Within 5 business days.
• Triage: We aim to evaluate the finding within 30 business days.
• Resolution: Remediation is prioritized based on severity and may take 90 days or longer depending on complexity.
Standards of Conduct
To maintain a safe and legal research environment, you are required to follow these ground rules:
You MUST NOT:
• Violate any local or international laws.
• Access, modify, or delete any data within Tanita’s systems.
• Use destructive testing methods or high-intensity automated scanners.
• Perform Denial of Service (DoS) attacks or otherwise disrupt our services.
• Share vulnerability details with third parties or the public outside of this policy.
• Engage in social engineering, phishing, or physical attacks against Tanita personnel.
• Attempt to extort or demand payment for your findings.
You MUST:
• Prioritize user privacy and adhere to all data protection regulations.
• Securely purge all data gathered during your research once it is no longer necessary or within 30 days of the issue being resolved.
Note: We only accept reports for connected products that include an official Statement of Conformity on our website. All other submissions will be disregarded.
The Statement of Compliance sets out the initial guaranteed support period, which may be subject to future extension.
Please read our Privacy Policy and Your Privacy Choices for further information about how your data is collected on our website.