Opening TendWell
Preparing the care path.
Gathering the product, privacy, and workflow context for the next useful step.40 days free. No credit card. Privacy review before real care data.
Opening TendWell
40 days free. No credit card. Privacy review before real care data.
Security reports help TendWell fix a real issue while keeping names, prayer wording, private notes, and church exports out of the report whenever possible.
Security report triage
Report the affected URL or workflow, browser/device context, and clear reproduction steps without including private care records.
Safe report outline
Report packet
Responsible reporting
TendWell handles pastoral-care data, prayer wording, private notes, contact details, exports, and team access. Security reports need to help fix a problem without copying, opening, changing, or sharing church data that does not belong to you.
Use a concise subject, the affected URL or workflow, steps to reproduce, browser/device context, and screenshots only if they avoid private data.
Avoid names, prayer content, private notes, contact information, exports, logs, or screenshots unless the church owns the data and the detail is necessary.
Stop testing when you reach data that is not yours. Do not download, alter, delete, or share it.
Deletion, export, account, legal, and ordinary privacy questions belong at legal@tendwell.church instead of the security-reporting inbox.
TendWell uses organization-scoped data, role-based permissions, row-level security, security headers, rate limits, audit events, privacy-aware exports, and monitoring safeguards when enabled. This is TendWell's current security boundary, not a promise of perfect security, a bounty program, SOC 2 or HIPAA certification, or a substitute for your church's legal and privacy review.
Keep reports narrow, practical, and free of private pastoral-care details whenever possible.