NEXGUARD is committed to protecting users from phishing, scams, malware, and fraud. This policy describes how we handle security issues in our platform, extension, and browser.
Scope
- nexguard.live web application and APIs
- NEXGUARD AI Security Scanner browser extension
- NEXGUARD Browser desktop application
- Admin panel, AI risk services, and official download infrastructure
Out of scope
- Third-party websites scanned by our tools (report via in-product reporting)
- Social engineering against individual users outside our systems
- Issues in upstream Chromium, Chrome, or wallet software (report to those vendors)
Our commitments
- Acknowledge valid reports within 3 business days
- Provide status updates for critical issues within 7 days
- Credit researchers who follow responsible disclosure (with permission)
- Not pursue legal action against good-faith security research
Severity handling
Critical — remote code execution, authentication bypass, key or seed exfiltration via our software: emergency patch and user notification when fixed.
High — privilege escalation, sensitive data leak, extension sandbox escape: prioritized fix in next release.
Medium / Low — scheduled according to impact and exploitability.
Safe harbor
Do not access other users' data, perform destructive tests, or disrupt production. Use test accounts and staging where available. See our Responsible Disclosure page for reporting instructions.
Contact
Security team: security@nexguard.live (PGP key available on request)