How to report a vulnerability
If you believe you found a security issue in Nelu AI, please email us at
contact@xultrai.com.
Include clear reproduction steps, impact, and proof-of-concept details when possible.
Scope
- API endpoints and authentication flows of Nelu AI.
- Infrastructure and configuration issues that could expose user data.
Out of scope
- Spam, social engineering, or physical attacks.
- Non-exploitable best-practice suggestions without clear security impact.
What you can expect from us
- Acknowledgement of your report in a reasonable timeframe.
- Internal review and remediation when the issue is valid.
- Coordination with you on disclosure timing when needed.
Good faith testing
Please avoid actions that degrade service availability, access other users' data, or violate applicable laws.
We appreciate responsible disclosure and coordinated reporting.