MENU

Responsible Disclosure Policy

Effective Date: June 16, 2026

Nelami Groupe values the work of the security research community. As a technology firm with a core focus on cybersecurity, we are committed to maintaining the security of our platforms and clients. This policy governs how security researchers should report security vulnerabilities found in our systems.

1. Reporting Vulnerabilities

If you identify a security vulnerability on our website or within our systems, please report it immediately by sending an email to:
hello@nelamigroupe.com

Please include the following information in your report:

  • A clear, detailed description of the vulnerability.
  • Step-by-step reproduction instructions or a proof-of-concept (PoC).
  • The potential impact of the vulnerability.
  • Your name or alias for proper attribution in our records.

2. Testing Guidelines

To protect our clients and systems, we require researchers to adhere to the following rules:

  • No harmful testing against production systems: Do not run automated scanners, flood our forms, perform Denial of Service (DoS) attacks, or disrupt our active web servers.
  • Do not access, modify, or delete any data that does not belong to you.
  • Do not perform social engineering, phishing, or physical attacks against our staff, hubs, or clients.
  • Maintain confidentiality; do not disclose the vulnerability publicly or to any third party before we have had a reasonable opportunity to address it.

3. Our Commitment

If you follow these guidelines, Nelami Groupe commits to:

  • Responding to your report within 3 business days, confirming receipt and next steps.
  • Not pursuing legal action against you for finding and reporting the vulnerability.
  • Attributing credit to you if you are the first to report the vulnerability and a patch is deployed.