Tack One Pte Ltd - Product Security Advisory

Last updated: 13 March 2026

At Tack One Pte Ltd, the security and privacy of our customers is a top priority. We are committed to maintaining robust safeguards across all Tack GPS devices, the OurSphere application, and related services, and we continuously work to identify and address potential vulnerabilities in accordance with all applicable laws and regulations — including Singapore's Personal Data Protection Act (PDPA).

We value the role that our customers and the broader security community play in helping us maintain the integrity of our products. If you believe you have identified a security vulnerability or privacy concern affecting any Tack One product or service, we encourage you to report it to us responsibly using the process described below.

1. HOW TO REPORT A SECURITY VULNERABILITY

Please send all security and privacy-related reports to our dedicated security team at:

security@tackgps.app

To help us investigate and resolve your report as quickly as possible, please include the following information:

• 1.1 Your contact details. Provide your full name and a preferred method of contact — this can be an email address, phone number, or any other means you are comfortable with. If providing a phone number, please include the full country code, area code, and extension number (if applicable).
• 1.2 Details of the issue. Please provide as much detail as possible, including:
  • The name of the Tack One service(s) or system(s) your report relates to;
  • The product type, name, and model number of any affected hardware;
  • The name, description, and version number of any affected Tack One software or firmware;
  • A clear and detailed description of the vulnerability or issue, including any steps required to reproduce it, relevant background context, and any supporting evidence (such as screenshots, logs, or proof-of-concept code) that may assist our investigation.

The more detail you provide, the faster we can act on your report.

2. WHAT TO EXPECT AFTER YOU REPORT

We treat all security reports seriously and will handle your submission with care and confidentiality.

• Acknowledgement: We will acknowledge receipt of your report within 7 business days.
• Updates: We will provide regular progress updates until the issue is fully investigated and resolved.
• Resolution: Once a vulnerability has been resolved, we will make a suitable fix available to all affected customers as promptly as practicable.
• Disclosure: Where appropriate, a description of the resolved issue will be added to our security update log (see Section 4). We will notify affected customers wherever possible and recommend that all customers check this page regularly for the latest security updates.

Any personal information you provide in connection with your report will be used solely for the purpose of investigating and resolving the issue. It will not be shared with third parties except where required to resolve the vulnerability or as required by law.

3. RESPONSIBLE DISCLOSURE GUIDELINES

We appreciate all contributions from customers and the wider security community that help improve the safety of our products. In return, we ask that anyone investigating or reporting a potential vulnerability acts responsibly and in good faith, in accordance with the following guidelines:

• Do not attempt to access, modify, or interfere with any Tack One system, service, or product without authorisation.
• Do not access, copy, alter, destroy, or misuse any data you may encounter in the course of your research.
• Do not publicly disclose the details of any vulnerability before we have had a reasonable opportunity to investigate and address it.
• Keep all information relating to the reported issue strictly confidential until we confirm that it has been resolved or that public disclosure is appropriate.
• Do not use any discovered vulnerability to access data beyond what is minimally necessary to demonstrate the issue.

We are committed to working collaboratively with good-faith reporters and will not take legal action against individuals who discover and report vulnerabilities in accordance with these guidelines.

4. SECURITY UPDATES AND CHANGELOG

Tack One maintains a record of security updates released for our devices and software, including descriptions of the issues addressed. We recommend that all customers keep their devices and the OurSphere app updated to the latest available version at all times.

The latest software updates and release notes are available at: www.tackgps.app/pages/oursphere

5. SECURITY SUPPORT DURATION

Tack One is committed to providing security updates for our devices until at least 31 January 2027. We will endeavour to provide extended support beyond this date where practicable, and will update this page with any changes to our support timeline.

We recommend that customers visit this page periodically to stay informed of the current support status of their device.

6. CONTACT US

For any questions, comments, or concerns relating to this Security Advisory, please contact us at:

Tack One Pte Ltd 

Email: security@tackgps.app 

Website: www.tackgps.app 

Registered in Singapore

We aim to respond to all security-related enquiries within 7 business days.

© 2026 Tack One Pte Ltd. All rights reserved.