Vulnerability Disclosure Policy (VDP)
Effective: August 5, 2025
We encourage responsible reporting of security vulnerabilities. If you believe you’ve found a vulnerability in Nexalink or CareCompass, email legal@nexalink.care or support@nexalink.care.
Guidelines
- Avoid privacy violations, service disruption, or data destruction
- Do not access or modify data that is not your own
- Give us reasonable time to remediate before public disclosure
- Do not run automated scanners against production without permission
Safe Harbor
We will not initiate legal action for security research performed in good faith and in line with this policy. This safe harbor does not apply to unlawful activity or data exfiltration.
What to Include
- Description of the vulnerability and affected endpoints
- Steps to reproduce (proof of concept)
- Your contact information for follow-up
Thank you for helping keep users safe.