Product Security

Introduction

At NODI, the security and privacy of our customers is a top priority. We design our connected products with security in mind throughout their entire lifecycle, from development and manufacturing to deployment and end-of-life.

This page describes our security practices, how you can report potential vulnerabilities, and the security support period for our products.

Our Security Commitment

We follow industry-recognized best practices for secure product development, including:

  • Secure design and architecture reviews
  • Threat modeling and risk assessment
  • Penetration testing and independent security audits
  • Continuous monitoring for newly disclosed vulnerabilities
  • Regular security updates during the defined support period

Reporting Security Vulnerabilities

We welcome responsible disclosure of security findings and appreciate the efforts of the security research community.

If you believe you have found a potential security issue in any of our products or services, please contact us at development@nodi.kids.

The email should be written in English and include at least the following information:

  • Contact information
  • Products and versions affected
  • Time and date of discovery
  • Technical description of the potential vulnerability
  • Exploit/Vulnerability proof, e.g., photo, video
  • Any supporting material, e.g., a sample code
  • Additional information, if any

Note

Although we encourage investigation of potential security breaches, we cannot tolerate any activity that may interfere with legitimate users or may violate applicable computer abuse, cybersecurity and data protection regulations. Therefore, the following activities are prohibited:

  • Copying, modifying or destroying any data you might gain access
  • Disclosure of any data of any nature
  • Service disruption or degradation, such as DDoS
  • Social engineering, spam, or phishing attacks

Please act in good faith by conducting your activities under this policy and reporting the vulnerability to us promptly. Include sufficient detail for us to determine its validity, and act without coercion, dishonesty, or fraudulent intent.

 

 

Response Time

Once we receive your vulnerability report, we will email you confirmation within seven days, acknowledging receipt and providing initial feedback on the issue. We will continue to update you via email on our progress as we investigate and address the vulnerability.

Vulnerability Disclosure

Once an external party reports a vulnerability and the NODI team confirms it, we will promptly contact and advise our users if the vulnerability poses a high-risk threat. We will keep critical vulnerabilities confidential until they are fixed and at least seventy percent of our active user base has installed the patch. Subsequently, all vulnerabilities will be publicly communicated through Software Release Notes.

Security Update Support Period

We provide over-the-air (OTA) software updates to our connected product to continuously improve performance, add features, and address potential vulnerabilities. Software updates are applied automatically, with no user action required. We guarantee security updates and support for at least five years from the date of purchase.

Contact

If you have questions about product security, update periods, or this policy, you can reach us at help@nodi.kids.