For cyber security professionals

We take the security of the Nimblesite platform extremely seriously, and we put a huge emphasis on engineering it as tightly as we can. If you believe you've found a vulnerability, we want to hear about it right away.

Report an issue

Email support at nimblesite.ai with "Security" in the subject line.

Please include, where you can:

• what you found and where — the endpoint, URL, or request involved;
• the steps to reproduce it;
• the impact you believe it has.

If you'd like to encrypt your report, say so in a first email and we'll arrange a secure channel.

What we commit to

• We respond fast. We acknowledge reports promptly and keep you updated as we investigate and remediate.
• We act in good faith. We will not pursue legal action against researchers who report in good faith, avoid privacy violations and service disruption, and give us reasonable time to fix the issue.
• We credit you. If you'd like acknowledgement once an issue is resolved, we're glad to give it.

Testing scope & ground rules

In scope: api.nimblesite.ai, app.nimblesite.ai, and nimblesite.ai.

Test only against your own account and tenants. Please do not:

• access, modify, or destroy data belonging to other tenants;
• run denial-of-service, volumetric, or load tests;
• use automated scanning that degrades the service for others.

Responsible, good-faith testing within these rules is welcome — and appreciated.

For how we handle your data more generally, see our Privacy Policy.