04 Feb 2025

Responsible Disclosure Policy

At Nanoheal, security is our utmost priority. We're committed to ensuring the safety and integrity of our products and services. If you believe you've discovered a security vulnerability in our website or a Nanoheal product, we encourage you to responsibly disclose it to us so we can work together to address the issue.

How to Report a Security Issue:

If you've identified a potential vulnerability, please contact us.

  • Nanoheal Customers: Contact us through our support center, through your dedicated customer success associate, or by email at itsupport@nanoheal.com

  • All Others: Email us at feedback@nanoheal.com

Please include the following information in your report:

  • The affected component (e.g., Nanoheal platform, nanoheal.com website).

  • The type of vulnerability identified (e.g., cross-site scripting, SQL injection).

  • A non-destructive proof-of-concept or clear instructions on how to reproduce the vulnerability.

Responsible Disclosure Guidelines:

  • Do not exploit the vulnerability: Only use the vulnerability to the extent necessary to demonstrate its existence to us.

  • Do not disrupt services: Refrain from any actions that could disrupt our services or intentionally modify any production systems.

  • Maintain confidentiality: Do not disclose information about the vulnerability to any third party without our explicit written consent. This includes any data you might have accessed while demonstrating the vulnerability.

  • Securely delete data: Any data acquired during your vulnerability testing should be securely deleted as soon as it's no longer needed for your report.

Our Commitment to You:

  • Acknowledgment: We will make our best effort to acknowledge your report within 72 hours of receipt.

  • Communication: We will keep you informed about the progress of our investigation into the reported vulnerability.

  • No Legal Action: We will not pursue legal action against you for responsibly reporting and demonstrating the vulnerability, provided you adhere to these guidelines.

  • Confidentiality: We will treat your report as confidential and will not share it with any external parties unless legally required to do so.

Bug Bounty Program:

Please note that we currently do not offer a paid bug bounty program.