Let’s change the way data is created, shared, and used, forever.

Let’s change the way data is created, shared, and used, forever.

Nextdata is hiring. We’re looking for pragmatic, empathetic problem-solvers who understand the needs of tomorrow and dare to challenge the ways of the past.

An error occurred while processing your request. Please check the inputted data and try again.
This is a success message.

Nextdata Responsible Disclosure Policy

Have you found a security issue? Tell us about it!

Nextdata is committed to ensuring the security and integrity of our systems and data. We recognize the importance of security researchers and members of the community in helping us identify vulnerabilities and issues that could compromise the confidentiality, integrity, or availability of our systems. This responsible disclosure policy outlines our commitment to working with these individuals to address security vulnerabilities promptly and effectively.

How to reach us

Send an email to security@nextdata.com.

When emailing us, make sure to include the following information for us to be able to respond quicker:

  • Notify us as soon as possible after you discover a real or potential security issue.
  • Detailed description of the vulnerability.
  • How to reproduce the issue.
  • If relevant, any screenshots or other documentation that help us to resolve the issue quicker.
  • Contact information we can use to reach you.
  • Do not submit a high volume of low-quality reports.
  • Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.

Guidelines

  1. Report Submission: If you believe you have discovered a security vulnerability, we encourage you to report it to us as soon as possible by sending an email to [Contact Email]. Please include a detailed description of the vulnerability, along with any supporting evidence or steps to reproduce the issue.
  2. Responsible Disclosure: We request that you do not disclose the vulnerability publicly until we have had an opportunity to investigate and address it. We commit to acknowledging receipt of your report within [X] business days and to providing regular updates on our progress toward resolution.
  3. Cooperation: We appreciate your cooperation in helping us assess and remediate the reported vulnerability. We may reach out to you for additional information or clarification during the investigation process. We ask that you respond promptly to any communication from our security team.
  4. Non-Disclosure: We respect the privacy and confidentiality of security researchers and will not disclose your identity or the details of the vulnerability without your permission, except as required by law.
  5. Responsible Testing: We ask that you refrain from conducting any tests or activities that could disrupt or degrade the performance of our systems, or that could compromise the privacy or security of our users or data.

What you can expect from us

We will confirm with you that we have received your report as soon as reasonably possible, and aim to keep you informed on the progress of validation and mitigation.

To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.

Nextdata does not provide payment to reporters for submitting vulnerabilities. Reporters submitting vulnerabilities to Nextdata, in so doing, waive any claims to compensation.

What we can expect from you

In upholding the responsible disclosure practice, we expect that you to:

  • Don't break any applicable laws or regulations
  • Don’t exploit potential vulnerabilities to access restricted information.
  • Don’t modify or remove information.
  • Don't use high-intensity invasive or destructive scanning tools to find vulnerabilities.
  • Don’t affect the availability by denial of service attacks.
  • Don't submit trivial issues, such as non-sensitive mis-configurations e.g missing cookie flags.
  • Don't do social engineering, phishing, or similar attacks targeting Nextdata personnel and customers.
  • Report any found potential vulnerabilities to us first, and allow us time to evaluate and mitigate before going public with it.

Disclaimer

This responsible disclosure policy does not grant permission to engage in any activity that violates the law or our acceptable use policy. We reserve the right to take appropriate action, including legal action, against individuals who engage in unauthorized or malicious activities.

Changes to this Policy

Nextdata reserves the right to update or modify this responsible disclosure policy at any time without prior notice. Please check this page regularly for any changes.

Privacy policySecurity disclosure