At FluxNode Technologies, we take security seriously. This policy outlines our commitment to protecting our systems, data, and users, as well as providing guidelines for security researchers who wish to report vulnerabilities.
Our Security Commitment
We are committed to ensuring the security of our systems and protecting our users' data. We implement industry-standard security measures and continuously work to improve our security posture.
Key Security Practices
- Regular security assessments and penetration testing
- Encryption of sensitive data both in transit and at rest
- Secure development practices and code reviews
- Regular security training for all employees
- Monitoring systems for suspicious activities
- Prompt patching of security vulnerabilities
Vulnerability Disclosure Program
We appreciate the work of security researchers in improving the security of our systems. If you discover a security vulnerability in our systems, we encourage you to report it to us responsibly.
How to Report a Vulnerability
If you believe you've found a security vulnerability in our systems, please report it to us by sending an email to security@fluxnode.ai.
Please include the following information in your report:
- A description of the vulnerability and the potential impact
- Steps to reproduce the vulnerability
- Any proof-of-concept code, if applicable
- Your name and contact information (optional)
What to Expect
When you submit a vulnerability report, you can expect the following from us:
- We will acknowledge receipt of your report within 48 hours
- We will provide an initial assessment of the report within 5 business days
- We will keep you informed about our progress in addressing the vulnerability
- We will notify you when the vulnerability has been fixed
Responsible Disclosure Guidelines
We ask that you:
- Do not exploit the vulnerability beyond what is necessary to demonstrate the issue
- Do not access, modify, or delete data that does not belong to you
- Do not disclose the vulnerability to others until we have had a reasonable time to address it
- Act in good faith to avoid disruptions to our service and users
Scope
The following systems are in scope for our vulnerability disclosure program:
- Our main website: https://fluxnode.ai
- Our web application and APIs
The following are out of scope:
- Denial of service attacks
- Social engineering attacks
- Physical security attacks
- Third-party services or applications that we use but do not control
Security Contacts
For security-related inquiries or to report a vulnerability, please contact us at:
For urgent security issues:
Please contact our security team immediately at (415) 909-3589 and mention that you are reporting a security vulnerability.
Updates to This Policy
This security policy may be updated from time to time. We will post any changes on this page and update the effective date below.
Last updated: February 26, 2025