You are using an ad blocker that is interfering with our web typography and internal javascript. Please whitelist our domain to live in a more beautiful world. No ads here, just really great software!

It’s here! The first complete platform for Digital Employee Experience Management. View Press Release

Responsible Disclosure Policy

At Nexthink, security is a top priority and we work hard to make sure our products and services are secure. However, if you believe you have found a security issue on our website or product, we’d love to hear from you and engage in a constructive dialogue together.

Our Policy


If you believe you found a vulnerability in one of our products or systems, we encourage you to reach out to us.
If you are a Nexthink customer, please contact us via our support center support.nexthink.com -otherwise, send an e-mail to security@nexthink.com.
Make sure to include:

  • the component affected (Nexthink product, nexthink.com website…);
  • the class of the vulnerability identified;
  • a non-destructive proof-of-concept of the vulnerability, or instructions on how to reproduce it.

Feel free to write your e-mail in English or French, whichever is best for you. If you wish to encrypt your e-mail, you can use the following PGP key.

  • Do not exploit or take advantage of the vulnerability more than strictly necessary for us to be able to reproduce it.
  • Do not disrupt the service or intentionally perform any change to a production system.
  • Do not communicate to any third-party information about the vulnerability without our explicit consent. Similarly, do not share with anyone potential data that you might have accessed to demonstrate the impact of the vulnerability.
  • Do securely delete all data retrieved as part of your vulnerability report as soon as it is no longer required.
  • We will do our best to acknowledge your report in less than 72 hours.
  • We will keep you up to date about the investigation we perform regarding the reported vulnerability.
  • We will not pursue any legal action against you for reporting and demonstrating the vulnerability if you follow the guidelines above.
  • We will handle your report as confidential and will not share it outside Nexthink unless we are legally required to do so.

Please note that we currently do not offer a paid bug bounty program.