Security at Nolxy

Last updated: February 13, 2026

1. Reporting Security Vulnerabilities

Found a security issue? Report it responsibly to: support@nolxy.com.

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact

Do not publicly disclose the vulnerability before we have addressed it.

2. Safe Harbor

We consider good-faith security research authorized activity. We will not pursue legal action against researchers who:

  • Report privately via support@nolxy.com
  • Do not cause harm or access user data
  • Allow reasonable remediation time (90 days)

3. Out of Scope

  • Social engineering
  • Physical attacks
  • DoS/DDoS
  • Automated scanner reports without manual verification
  • Third-party services (GitHub, GitLab)

4. Bug Bounties

We do not offer monetary rewards during beta. We will publicly acknowledge researchers (with permission).

5. Security Practices

Nolxy implements industry-standard security:

Authentication & Access

  • OAuth-only (GitHub/GitLab) — no passwords stored
  • Secure session management
  • API key cryptographic storage

Data Protection

  • TLS encryption for all connections
  • EU-hosted infrastructure (Germany)
  • GDPR-compliant data handling

Application Security

  • Rate limiting and abuse prevention
  • Input validation and sanitization
  • Audit logging for sensitive operations
  • Regular security updates

Infrastructure

  • DDoS protection
  • Network access controls
  • Monitoring and alerting

For compliance details, see our Privacy Policy.

6. Response Timeline

  • Acknowledgment: 48 hours
  • Assessment: 7 days
  • Fix: 7–30 days (critical), 30–90 days (others)

7. Beta Notice

Nolxy is in experimental beta. Security controls are active, but the architecture may evolve. Avoid mission-critical production workloads until beta exit.

8. Contact

Security, privacy, and support inquiries: support@nolxy.com.