English
If you believe you have found a security vulnerability in nab.it products or infrastructure, please email security@nab.it.com. Include a clear description, affected URLs or components, and steps to reproduce.
Scope (in scope): nab.it web app, Flutter app, API routes on nab.it.com / app.nab.it.com, the nab.it Chrome extension, and Firebase project configuration as used by nab.it.
Out of scope: third-party services except where they are directly integrated in a way that exposes nab.it user data; spam reports; social engineering of our team or users.
We will not pursue legal action against researchers who act in good faith: avoid privacy violations, destruction of data, or service disruption beyond what is necessary to demonstrate an issue.
Response time: we aim to acknowledge valid reports within 72 hours. Critical issues are prioritized.
Español
Si crees haber encontrado una vulnerabilidad en nab.it, escribe a security@nab.it.com con descripción clara, URLs o componentes afectados y pasos para reproducir.
Alcance: aplicación web, app Flutter, APIs en nab.it.com / app.nab.it.com, extensión Chrome de nab.it y uso de Firebase vinculado a nab.it.
No tomaremos acciones legales contra investigación de buena fe que respete la privacidad de los usuarios y no degrade el servicio más de lo necesario para demostrar el problema.
Tiempo de respuesta: buscamos confirmar reportes válidos en un plazo de 72 horas.