Vulnerability disclosure
If you find a security issue affecting Oxaide, please let us know. We review legitimate reports in good faith and work with researchers to validate and address issues across the product, public site, and related services.
Disclosure Policy
If you believe you have found a security vulnerability in Oxaide, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
We ask that you:
- Provide us a reasonable amount of time to fix the issue before publishing it.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Do not modify or access data that does not belong to you.
Scope
In Scope
- • *.oxaide.com
- • app.oxaide.com
- • api.oxaide.com
- • oxaide.com marketing site
Out of Scope
- • Social engineering (phishing, vishing)
- • Denial of Service (DoS) attacks
- • Physical attacks against offices/datacenters
- • Third-party applications
Safe Harbor & Rewards
Oxaide will not pursue legal action against researchers who report vulnerabilities in accordance with this policy.
Note: We currently do not offer monetary bug bounties. Researchers who report valid, significant vulnerabilities will receive written acknowledgement upon request.
Response Timeline
Secure Communication
If you need to send sensitive information, please contact us first to arrange a secure transmission method.