Security Policy

The security of Nexus Telemetry™ and our users' data is important to us. This page explains how to report security vulnerabilities and what to expect from the process.

Last updated: March 2026

Reporting a Vulnerability

If you've found a security vulnerability in Nexus Telemetry, the Nexus website, or the Nexus API, please report it responsibly. Do not disclose it publicly until we've had a chance to investigate and address it.

Email: [email protected]

Subject line: Security Vulnerability Report

Please include as much of the following as you can:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • The affected component (desktop application, website, API, customer portal)
  • Your application version, operating system, and any relevant configuration
  • Any supporting evidence (screenshots, logs, proof-of-concept code)

What to Expect

  • Acknowledgement: We aim to acknowledge your report within 2 working days.
  • Assessment: We will investigate and assess the severity of the issue. We may contact you for additional information.
  • Resolution: We will work to resolve confirmed vulnerabilities as quickly as possible, prioritising based on severity.
  • Notification: Once resolved, we will let you know. For significant issues, we will publish a note in our release changelog.

Scope

The following are in scope for responsible disclosure:

  • Nexus Telemetry desktop application (all platforms)
  • nexustelemetry.com (marketing website)
  • account.nexustelemetry.com (customer portal and API)

The following are out of scope:

  • Starlink hardware, firmware, or SpaceX services — please report these directly to SpaceX
  • Third-party services we use (Stripe, Cloudflare, SendGrid, etc.) — please report these to the respective providers
  • Social engineering, phishing, or physical attacks
  • Denial-of-service attacks
  • Automated scanning without prior coordination

Safe Harbour

We will not take legal action against individuals who discover and report security vulnerabilities in good faith, provided they:

  • Make a reasonable effort to avoid accessing or modifying data that doesn't belong to them
  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue
  • Do not disclose the vulnerability publicly before we've had a reasonable opportunity to address it
  • Do not use the vulnerability to access, modify, or delete other users' data

Security Practices

While we don't disclose the details of our security architecture, here is an overview of the measures we take:

  • All data in transit is encrypted via HTTPS (TLS)
  • Payment processing is handled entirely by Stripe — we never see or store payment card details
  • Customer portal authentication uses short-lived magic links rather than passwords
  • The desktop application communicates with your Starlink terminal over your local network only — no telemetry data passes through our servers

Contact

For security-related reports or questions:

Email: [email protected]

Company: Liquidbinary Ltd

Registration: Scotland, SC370778

Location: United Kingdom