Security & Responsible Disclosure
Last updated: June 30, 2026
Security and data sovereignty are the foundation of NxtSeed. If you believe you've found a vulnerability in our website or products, we want to hear from you and will work with you to resolve it quickly.
Report a vulnerability
Email security@nxtseed.com with a clear description of the issue and steps to reproduce it. A machine-readable pointer is also published at /.well-known/security.txt.
Please include
- The affected URL, product, or component.
- Steps to reproduce, and any proof-of-concept.
- The impact you believe the issue has.
- How we can reach you for follow-up.
Our commitment to you
- We will acknowledge your report within 3 business days.
- We will keep you updated as we investigate and remediate.
- We will not pursue legal action against good-faith researchers who follow this policy.
- With your permission, we're glad to credit your responsible disclosure.
Safe harbor
We consider security research conducted in good faith and consistent with this policy to be authorized. Act in good faith, avoid privacy violations and service disruption, and only interact with accounts you own or have explicit permission to test.
Guidelines
- Do not access, modify, or delete data that isn't yours.
- Do not run automated scanning that degrades service, and avoid denial-of-service testing.
- Give us a reasonable time to remediate before any public disclosure.
- Do not use social engineering, phishing, or physical attacks against our people or offices.
Out of scope
Reports limited to missing best-practice headers with no demonstrated impact, rate-limiting on non-sensitive endpoints, and issues in third-party services we do not control are generally out of scope — but if you can show real impact, please tell us.
How we protect your data
NxtSeed is built local-first: our sovereign deployments run on hardware the client owns, so sensitive data never leaves the client's environment. Where data is handled, we use encryption in transit and at rest, least-privilege access, and audit logging. For how we handle website data, see our Privacy Policy.
Contact
Security: security@nxtseed.com. NxtSeed is a product of TechFides, Frisco, Texas, USA.