
Responsible Disclosure Policy

At Nexthink, security is a top priority and we work hard to make sure our products and services are secure. However, if you believe you have found a security issue on our website or product, we’d love to hear from you and engage in a constructive dialogue together.

Our Policy


If you believe you have found a vulnerability in one of our products or systems, we encourage you to reach out to us.
If you are a Nexthink customer, please contact us via our support center at support.nexthink.com; otherwise, send an e-mail to [email protected].
Make sure to include:

  • the component affected (Nexthink product, nexthink.com website…);
  • the class of the vulnerability identified;
  • a non-destructive proof-of-concept of the vulnerability, or instructions on how to reproduce it.

Feel free to write your e-mail in English or French, whichever is best for you. If you wish to encrypt your e-mail, you can use the following PGP key.

  • Do not exploit or take advantage of the vulnerability more than strictly necessary for us to be able to reproduce it.
  • Do not disrupt the service or intentionally perform any change to a production system.
  • Do not communicate information about the vulnerability to any third party without our explicit consent. Similarly, do not share with anyone any data that you might have accessed to demonstrate the impact of the vulnerability.
  • Do securely delete all data retrieved as part of your vulnerability report as soon as it is no longer required.
  • We will do our best to acknowledge your report in less than 72 hours.
  • We will keep you up to date about the investigation we perform regarding the reported vulnerability.
  • We will not pursue any legal action against you for reporting and demonstrating the vulnerability if you follow the guidelines above.
  • We will handle your report as confidential and will not share it outside Nexthink unless we are legally required to do so.

Please note that we currently do not offer a paid bug bounty program.