Responsible Disclosure

Nuxari is committed to the security of our platform and the protection of customer data. We welcome reports from security researchers and the broader community who identify potential vulnerabilities in our systems.

If you believe you have found a security vulnerability in the Nuxari platform, website, or related infrastructure, please report it to us responsibly. We will investigate all credible reports and work to address confirmed vulnerabilities in a timely manner.

Send your report by email to:

Do not report security vulnerabilities through public channels such as GitHub issues, social media, or community forums before we have had a reasonable opportunity to investigate and address the issue.

To help us investigate your report effectively, please include:

• ·The product, service, or component affected (e.g., platform UI, API, edge agent, nuxari.com website)
• ·A clear description of the vulnerability, including the type of vulnerability (e.g., authentication bypass, data exposure, injection)
• ·Step-by-step instructions to reproduce the issue
• ·The potential impact of the vulnerability if exploited
• ·Your name or handle (optional) if you would like acknowledgment

The more detail you provide, the faster we can investigate and respond. Proof-of-concept code or screenshots are helpful but not required.

When conducting security research on Nuxari systems, you must not:

• ·Perform denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against Nuxari infrastructure or customers
• ·Attempt to access, modify, or exfiltrate customer data belonging to other organizations
• ·Use social engineering, phishing, or physical intrusion techniques against Nuxari personnel or customers
• ·Exploit the vulnerability beyond what is necessary to demonstrate its existence
• ·Publicly disclose vulnerability details before Nuxari has had a reasonable opportunity to investigate and address the issue
• ·Introduce malicious code, backdoors, or persistent access into any Nuxari system
• ·Violate the privacy of any Nuxari customer, employee, or end user

When you report a vulnerability to us in good faith and in accordance with this policy, Nuxari commits to:

• ·Acknowledge receipt of your report within 2 business days
• ·Provide an initial assessment of the report's validity within 10 business days
• ·Aim to address confirmed vulnerabilities within 90 days of confirmation, depending on severity and complexity
• ·Keep you informed of our progress where reasonably practicable
• ·Not pursue legal action against researchers acting in good faith in accordance with this policy

Nuxari does not currently offer a bug bounty program. We will acknowledge credible reports with gratitude and, where appropriate, public recognition if the researcher consents.

Nuxari will not pursue legal action against individuals who report security vulnerabilities in good faith, provided that the researcher:

• ·Complies with this responsible disclosure policy
• ·Does not access, modify, or destroy customer data without authorization
• ·Does not perform actions that degrade the availability, integrity, or performance of Nuxari services
• ·Reports the vulnerability to Nuxari before disclosing it publicly
• ·Allows Nuxari a reasonable period to investigate and address the issue before any public disclosure

This safe harbor applies to good-faith security research conducted in accordance with this policy. Nuxari reserves the right to take appropriate action against any activity that falls outside the scope of this policy or that involves malicious intent, unauthorized data access, or harm to Nuxari customers or personnel.

This policy does not waive any rights Nuxari may have under applicable law with respect to activity that is not covered by good-faith security research.