Security Disclosure Policy

nxtlabLast updated: February 05, 2026

1. Purpose

nxtlab is committed to maintaining the security and integrity of its systems and services.

This Security Disclosure Policy defines the process for responsibly reporting security vulnerabilities affecting:

  • nxtlab's website
  • nxtlab-owned infrastructure
  • Public-facing services operated by nxtlab

We encourage responsible disclosure and cooperative security research.

2. Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please report it to:

Email: security@nxtlab.ma

Please include:

  • A clear description of the vulnerability
  • Affected system or URL
  • Steps to reproduce the issue
  • Proof-of-concept (if applicable)
  • Your contact information

Reports should be made in good faith.

3. Responsible Disclosure Guidelines

We request that security researchers:

  • Do not exploit the vulnerability beyond what is necessary to demonstrate its existence
  • Do not access, modify, or delete data
  • Do not attempt privilege escalation
  • Do not disrupt services or degrade availability
  • Do not conduct automated scanning or denial-of-service testing
  • Do not disclose the vulnerability publicly before remediation

Testing must be limited to nxtlab-owned systems only.

4. Out-of-Scope Activities

The following are strictly prohibited:

  • Social engineering of employees or contractors
  • Physical intrusion attempts
  • Distributed denial-of-service (DDoS) testing
  • Testing against third-party systems
  • Accessing client environments or infrastructure

nxtlab will not authorize testing of client systems without explicit contractual agreement.

5. Our Commitment

Upon receiving a valid vulnerability report, nxtlab will:

  • Acknowledge receipt within a reasonable timeframe
  • Investigate the issue promptly
  • Determine severity and impact
  • Remediate the vulnerability where appropriate
  • Maintain communication with the reporter

We may request additional information during investigation.

6. Legal Safe Harbor

If you act in good faith and comply with this policy:

  • nxtlab will not initiate legal action against you
  • We will consider your research authorized under this policy

This safe harbor applies only to activities conducted in accordance with these guidelines.

Any activity that violates Moroccan law, including unauthorized system access, remains prohibited.

7. Confidentiality

We request that vulnerability details remain confidential until remediation is complete.

Public disclosure should occur only after coordination with nxtlab.

8. No Bug Bounty Program

nxtlab does not currently operate a bug bounty program.

We may acknowledge valid vulnerability reports at our discretion, but monetary compensation is not guaranteed.

9. Contact

Security vulnerability reports:
security@nxtlab.ma

General inquiries:
hello@nxtlab.ma

Location: Casablanca, Morocco