Security & Responsible Disclosure

Last updated: June 30, 2026

Security and data sovereignty are the foundation of NxtSeed. If you believe you've found a vulnerability in our website or products, we want to hear from you and will work with you to resolve it quickly.

Report a vulnerability

Email security@nxtseed.com with a clear description of the issue and steps to reproduce it. A machine-readable pointer is also published at /.well-known/security.txt.

Please include

Our commitment to you

Safe harbor

We consider security research conducted in good faith and consistent with this policy to be authorized. Act in good faith, avoid privacy violations and service disruption, and only interact with accounts you own or have explicit permission to test.

Guidelines

Out of scope

Reports limited to missing best-practice headers with no demonstrated impact, rate-limiting on non-sensitive endpoints, and issues in third-party services we do not control are generally out of scope — but if you can show real impact, please tell us.

How we protect your data

NxtSeed is built local-first: our sovereign deployments run on hardware the client owns, so sensitive data never leaves the client's environment. Where data is handled, we use encryption in transit and at rest, least-privilege access, and audit logging. For how we handle website data, see our Privacy Policy.

Contact

Security: security@nxtseed.com. NxtSeed is a product of TechFides, Frisco, Texas, USA.