At Nanit, we take security and privacy issues very seriously. We value the security research community and are committed to addressing potential security vulnerabilities as quickly as possible. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our end-consumers.

If you believe that you’ve discovered a security or privacy vulnerability that affects Nanit devices, software, or services, please report it directly to us at privacy@nanit.com. Reporters can expect a confirmation of their report and follow-up from a Nanit representative within 10 business days. Reports should include specific product and software version(s) that you believe are affected; a technical description of the behaviour that you observed and the behaviour that you expected; the steps required to reproduce the issue; and a proof of concept or exploit. We may contact you if we require additional information. We aim to provide status updates, if necessary, every 30 days.

We ask our security research community to make every effort to avoid privacy violations, degradation of user experience, disruption to internal or external servers, and destruction of data or physical assets during security testing; to keep information about the potential vulnerability discovered confidential between yourself and Nanit until we have a remedy in place; and to refrain from using any exploits or vulnerabilities for commercial or business purposes.

In return, we commit to working with you to understand and resolve the potential vulnerability quickly, and to making our best effort to resolve security vulnerabilities and release patches to end-consumers.

Please note that for the protection of our customers, Nanit will not disclose or discuss security issues until our investigation is complete and any necessary updates are generally available.