No internet connection

Check your network settings

← Back to Home

Responsible Disclosure Policy

SentryNix takes security seriously. We appreciate the security research community's efforts in helping us maintain the security of our platform and protecting our users.

How to Report a Vulnerability

If you believe you've found a security vulnerability in SentryNix, please report it to us at:

security@sentrynix.com

Please encrypt sensitive information using our PGP key (available upon request).

What to Include in Your Report

To help us understand and resolve the issue quickly, please include:

  • A description of the vulnerability and its potential impact
  • Detailed steps to reproduce the issue
  • Proof of concept code or screenshots (if applicable)
  • The affected version, component, or endpoint
  • Any suggested remediation steps
  • Your contact information for follow-up questions

Guidelines - Please Do

  • Give us reasonable time to investigate and fix the issue before public disclosure
  • Make a good faith effort to avoid privacy violations and data destruction
  • Only interact with accounts you own or have explicit permission to access
  • Use test accounts for testing when possible
  • Report the vulnerability as soon as you discover it
  • Provide us with a reasonable amount of time to fix the vulnerability before any disclosure

Guidelines - Please Don't

  • Access, modify, or delete data that doesn't belong to you
  • Perform denial of service attacks or load testing
  • Send unsolicited or unauthorized emails (spam)
  • Perform physical attacks against SentryNix property or data centers
  • Social engineer, phish, or physically attack our employees or contractors
  • Publicly disclose the vulnerability before we've had a chance to fix it

Our Commitment

Response Timeline

  • Initial Response: Within 48 hours of report
  • Status Updates: Every 5-7 business days
  • Resolution Target: 90 days for most issues

We will:

  • Respond to your report promptly and keep you updated on our progress
  • Work with you to understand and validate the security issue
  • Acknowledge your responsible disclosure when the issue is fixed (if desired)
  • Not pursue legal action against researchers who follow this policy

Scope

This policy applies to the following SentryNix properties:

  • *.sentrynix.com (all subdomains)
  • SentryNix web application and dashboard
  • SentryNix API endpoints
  • SentryNix mobile applications (iOS/Android)
  • SentryNix browser extensions

Out of Scope

The following are explicitly out of scope:

  • Vulnerabilities in third-party services we use
  • Social engineering attacks
  • Denial of Service (DoS/DDoS) attacks
  • Spam or social engineering techniques
  • Physical attacks against SentryNix facilities or employees
  • Vulnerabilities affecting outdated browsers or platforms

Recognition

We believe in recognizing security researchers who help us improve our security. With your permission, we'll acknowledge your contribution in our security acknowledgments page. We also offer a Bug Bounty Program with monetary rewards for eligible vulnerabilities.

Safe Harbor

We consider security research conducted consistent with this policy to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA)
  • Exempt from the Digital Millennium Copyright Act (DMCA)
  • Exempt from restrictions in our Terms of Service that would interfere with security research
  • Lawful and helpful to the overall security of the Internet

We will not bring legal action against researchers who act in good faith and follow this policy.

Contact Information

Security Team: security@sentrynix.com

Bug Bounty Program: View Program Details

General Inquiries: info@sentrynix.com

This policy is based on industry best practices and is subject to change. Last updated: 11/13/2025