Responsible Disclosure Program
Security is core to our "Sovereign-Grade" promise. We value the contributions of the security research community and are committed to working with researchers to verify and address potential vulnerabilities.
Disclosure Policy
If you believe you have found a security vulnerability in Oxaide, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
We ask that you:
- Provide us a reasonable amount of time to fix the issue before publishing it.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Do not modify or access data that does not belong to you.
Scope
In Scope
- • *.oxaide.com
- • app.oxaide.com
- • api.oxaide.com
- • oxaide.com marketing site
Out of Scope
- • Social engineering (phishing, vishing)
- • Denial of Service (DoS) attacks
- • Physical attacks against offices/datacenters
- • Third-party applications
Safe Harbor & Rewards
Oxaide will not pursue legal action against researchers who report vulnerabilities in accordance with this policy.
Note: We currently do not offer monetary bug bounties. However, we are happy to provide a letter of recommendation or public acknowledgement (Hall of Fame) for significant contributions.
Response Timeline
Secure Communication
If you need to send sensitive information, please contact us first to arrange a secure transmission method.