Responsible Disclosure

How to report a security vulnerability to NextSDS

We welcome reports from security researchers and the wider community. If you believe you have found a security vulnerability in a NextSDS product or service, please tell us so we can fix it.

How to report

What we ask

  • Give us reasonable time to investigate and remediate before any public disclosure.
  • Do not access, modify, or delete data that is not yours, and do not degrade our service (no denial-of-service, spam, or social engineering).
  • Act in good faith and within the law.

What you can expect

  • We will acknowledge your report, keep you updated on our assessment, and let you know when the issue is resolved.
  • We do not currently operate a paid bug-bounty programme, but we are happy to credit reporters who wish to be acknowledged.

Scope

NextSDS production products and services and their supporting infrastructure. Vulnerabilities in third-party platforms we rely on (listed in our Subprocessor Register) should be reported to the respective provider.