NYOXA LABS

Responsible Disclosure Policy

Guidance for responsibly reporting security issues related to NYOXA LABS-owned systems.

Last updated: May 31, 2026

NYOXA LABS is committed to ensuring the security of its systems and protecting the data of its clients and users. We value the efforts of security researchers and the wider security community in helping us maintain a secure environment. This Responsible Disclosure Policy outlines the guidelines for reporting potential security vulnerabilities related to NYOXA LABS-owned systems and our commitment to working with researchers in a constructive manner.

1. Scope

This policy applies exclusively to security vulnerabilities discovered in systems directly owned and operated by NYOXA LABS, including:

  • nyoxa.com and its subdomains.
  • Official NYOXA LABS web applications and services.

Out-of-Scope: This policy does not authorize testing of:

  • Systems or services belonging to NYOXA LABS clients or third parties.
  • Physical security vulnerabilities.
  • Social engineering attacks against NYOXA LABS employees or clients.
  • Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks.
  • Automated scanning tools that generate significant traffic without prior approval.

2. How to Report a Vulnerability

If you believe you have discovered a security vulnerability in a NYOXA LABS-owned system, please report it to us as soon as possible via:

Email: security@nyoxa.com

To facilitate a prompt and effective response, please include the following information in your report:

  • Affected Asset: The specific URL, IP address, or system where the vulnerability was found.
  • Vulnerability Description: A clear and concise summary of the vulnerability.
  • Steps to Reproduce: Detailed, step-by-step instructions to reproduce the vulnerability safely and consistently.
  • Potential Impact: Explain the potential security impact of the vulnerability.
  • Evidence: Screenshots, video recordings, or proof-of-concept code (if applicable and safe to share).
  • Your Contact Information: Your name, email address, and any preferred method of contact (optional).

3. Our Commitment (Safe Harbor)

NYOXA LABS is committed to working with security researchers who report vulnerabilities in good faith and in accordance with this policy. If you follow these guidelines, we will:

  • Acknowledge Receipt: We will acknowledge receipt of your report within 5 business days.
  • Investigate: We will investigate your report promptly and provide you with updates on our progress.
  • No Legal Action: We will not initiate legal action against you or ask law enforcement to investigate you for accidental or good faith violations of this policy.
  • No Bug Bounty: Please note that NYOXA LABS does not currently operate a bug bounty program, and therefore, we do not offer monetary rewards for vulnerability disclosures.

This safe harbor applies only to activities conducted in good faith and in compliance with this policy. Any activities that fall outside the scope of this policy or violate applicable laws may be subject to legal action.

4. Rules of Engagement

When conducting security research, you must not:

  • Access, modify, delete, or exfiltrate any data that does not belong to you.
  • Disrupt or degrade our services or systems.
  • Perform any actions that could harm the integrity, availability, or confidentiality of our systems or data.
  • Publicly disclose any vulnerability before NYOXA LABS has had a reasonable opportunity to investigate and remediate the issue, and has provided explicit consent for disclosure.

5. Response and Remediation

We aim to address all valid reports as quickly as possible. Our response will include:

  • Confirmation of the vulnerability (or explanation if not confirmed).
  • Information on the remediation plan and timeline.
  • Notification upon successful remediation.

6. Changes to This Policy

We may update this Responsible Disclosure Policy periodically to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with a revised "Last updated" date.

7. Contact Us

For any questions regarding this Responsible Disclosure Policy, please contact us at:

security@nyoxa.com

