Security Vulnerability Disclosure
At NextStage, we take the security of our systems and the privacy of our users seriously. We welcome contributions from the security community and encourage responsible disclosure of any vulnerabilities you discover.
Reporting a Vulnerability
If you believe you’ve found a security vulnerability or weakness in any NextStage product or service, please let us know as soon as possible. You can contact us securely at:
When reporting, please include:
A clear description of the vulnerability and how it was discovered
Steps to reproduce (if applicable)
Any relevant supporting material such as screenshots or proof-of-concept code
We appreciate detailed reports that allow us to validate and remediate the issue quickly.
Authorization for Good-Faith Security Research
We authorize good-faith research and testing of NextStage’s publicly available assets and systems, provided that:
You avoid any actions that could harm our users or systems (e.g., denial-of-service attacks, data exfiltration, or service disruption)
You do not access or modify data that does not belong to you
You make a good-faith effort to avoid privacy violations or destruction of data
As long as your actions are consistent with this policy and conducted in good faith, we consider your research authorized and will not pursue legal action.
Coordinated Disclosure & Remediation
NextStage commits to acknowledging receipt of your report and working with you to resolve the issue in a timely manner.
We may request a reasonable period of time to investigate and remediate the vulnerability before public disclosure, but we do not expect indefinite non-disclosure.
Once the issue is resolved, we may publicly credit you for your responsible disclosure—if you’d like to be recognized.
