nami logo

nami security bounty

Continuous improvement

As the first intelligent sensing solution that integrates privacy by design, we are always on the lookout for potential vulnerabilities. 

We reward those who share critical issues with us, as it enables us to resolve them as quickly as possible.

nami api

Bounty eligibility

The nami security bounty is only available for the latest versions of the nami app and nami hardware. Eligibility also requires that those reporting:

  • are the first to report the issue to our nami security team 
  • provide a clear case of a vulnerability to be exploited
  • do not disclose the issue to anyone else before we have released a report on the issue. 

Optimizing your report

By offering security bounties, our goal is always protecting our end-customer.  Therefore, reports need to clearly identify the supposed vulnerability. We also require reports with sufficient information to allow us to test the vulnerability ourselves. 

Your vulnerability report must include

  • A detailed description of the issue
  • Guidance on the vulnerability that is sufficient for us to reproduce the issue.

nami is focused on issues that:

  • Affect multiple platforms
  • Affect the latest version of our app and hardware
  • Relate to newly added features of our products
  • Relate to sensitive components of our ecosystem. 

For more complicated vulnerabilities

As well as a full report, for more complicated issues we will expect a ‘full chain’.  The chain and report full report must contain:

  • Compiled and source versions
  • All steps necessary to execute the chain
  • A sample non-destructive payload, where possible. 

How to send reports

Reports must be sent by email to  Ideally, emails should be encrypted with our security key. If required use Mail Drop for sending large files.