Incident Response Policy

Last Updated: June 2, 2026

This Incident Response Policy (“Policy”) describes NexNodo’s general approach to identifying, investigating, responding to, communicating, and managing applicable security incidents, operational incidents, and materially significant platform events affecting the NexNodo platform and associated services.

This Policy forms part of NexNodo’s broader security, operational, and compliance framework.

This Policy is intended to provide general transparency regarding NexNodo operational practices and does not constitute a contractual guarantee, internal security playbook disclosure, service commitment expansion, or waiver of applicable contractual limitations.

1. PURPOSE

NexNodo maintains commercially reasonable operational, technical, and organizational practices designed to support the identification, containment, investigation, remediation, and communication of applicable security and operational incidents affecting the NexNodo platform ecosystem.

The purpose of this Policy is to outline NexNodo’s general incident response framework applicable to platform operations, software-controlled services, customer-facing platform functionality, and materially relevant operational environments.

2. INCIDENT TYPES

NexNodo may apply incident response procedures to security events, operational disruptions, platform integrity events, or materially significant incidents affecting applicable NexNodo-controlled systems.

Incident categories may include, where applicable:

  • security incidents
  • unauthorized access events
  • credential compromise events
  • platform disruptions
  • material availability incidents
  • data security events
  • malicious activity
  • distributed denial-of-service activity
  • platform abuse
  • software operational failures
  • provider coordination incidents
  • or equivalent operational or security events.

Not every operational issue, software defect, customer workload issue, infrastructure anomaly, or transient service degradation shall necessarily constitute a reportable security incident.

3. INCIDENT RESPONSE APPROACH

NexNodo maintains commercially reasonable incident response practices intended to support:

  • incident identification
  • initial assessment
  • containment activities
  • impact evaluation
  • investigation
  • remediation
  • recovery activities
  • operational stabilization
  • and post-incident evaluation.

Response methodologies may vary depending upon incident severity, affected systems, operational conditions, legal considerations, infrastructure provider involvement, customer impact scope, or equivalent operational circumstances.

NexNodo may prioritize incident handling activities based upon risk, operational urgency, platform integrity considerations, customer impact, regulatory obligations, or security requirements.

4. INVESTIGATION AND COORDINATION

Where commercially reasonable and operationally appropriate, NexNodo may investigate incidents using monitoring systems, observability tooling, platform telemetry, security logs, operational evidence, provider coordination processes, forensic methodologies, or equivalent operational investigation techniques.

Where relevant to incident handling, NexNodo may coordinate with:

  • infrastructure providers
  • data center partners
  • subprocessors
  • payment processors
  • technology vendors
  • cloud dependencies
  • security providers
  • legal advisors
  • regulatory stakeholders
  • or equivalent third parties reasonably necessary to support investigation, containment, remediation, or compliance obligations.

Incident coordination may require commercially reasonable operational cooperation between NexNodo and participating infrastructure providers within the NexNodo ecosystem.

5. CUSTOMER NOTIFICATION

Where NexNodo confirms a material security incident, materially significant operational disruption, or customer-impacting event affecting applicable NexNodo-controlled services, NexNodo may provide customer communications using commercially reasonable notification practices.

Where reasonably practicable and consistent with legal, operational, security, or investigative considerations, NexNodo may provide notice without undue delay and, where reasonably practicable, within seventy-two (72) hours following confirmed determination of a materially relevant reportable incident.

Notification timing, communication sequencing, communication detail levels, and disclosure scope may vary depending upon:

  • incident severity
  • affected systems
  • ongoing investigations
  • legal obligations
  • security considerations
  • provider coordination requirements
  • law enforcement considerations
  • or equivalent operational factors.

NexNodo shall not be obligated to disclose confidential investigation details, sensitive security methodologies, forensic artifacts, customer-specific confidential information, or information reasonably expected to compromise incident response effectiveness or platform security.

6. COMMUNICATION CHANNELS

Incident-related communications may be delivered through one or more communication mechanisms reasonably selected by NexNodo, including:

  • email communications
  • platform notifications
  • support communications
  • customer communications
  • status communications
  • or equivalent commercially reasonable notification channels.

Communication channels, delivery timing, and operational visibility may vary depending upon customer account configuration, operational circumstances, platform capabilities, or incident conditions.

7. CUSTOMER RESPONSIBILITIES

Customers remain responsible for maintaining commercially reasonable security practices relating to their own accounts, workloads, credentials, software deployments, configurations, infrastructure usage, and operational environments.

Customer responsibilities may include, where applicable:

  • credential security
  • access management
  • multi-factor authentication usage where available
  • software patching
  • secure deployment practices
  • application configuration
  • customer workload monitoring
  • and incident reporting relating to customer-controlled environments.

Customers shall promptly report suspected security concerns, unauthorized access concerns, or materially relevant security observations relating to NexNodo platform usage.

8. THIRD-PARTY SOFTWARE AND INFRASTRUCTURE LIMITATIONS

The NexNodo ecosystem may involve customer-managed workloads, third-party software deployments, open-source software, independent infrastructure providers, data center environments, payment processors, external dependencies, and related third-party operational components.

Accordingly, NexNodo incident handling capabilities, investigative visibility, remediation timelines, notification timing, and remediation authority may be affected by dependencies outside NexNodo’s direct operational control.

Nothing in this Policy shall be interpreted as creating guarantees regarding prevention, uninterrupted operation, absolute security, breach immunity, or third-party operational behavior.

9. POST-INCIDENT REVIEW

Where commercially reasonable and operationally appropriate, NexNodo may conduct internal post-incident review activities relating to materially significant incidents.

Post-incident activities may include:

  • operational review
  • root cause evaluation
  • security improvement activities
  • process refinement
  • monitoring enhancements
  • provider coordination improvements
  • or equivalent operational improvement practices reasonably appropriate to platform operations.

NexNodo reserves discretion regarding internal review methodologies, remediation implementation timing, and disclosure treatment.

10. SECURITY REPORTING CONTACT

Security concerns, suspected vulnerabilities, incident-related reports, or materially relevant security communications may be directed to:

  • support@nexnodo.com
  • or equivalent security contact mechanisms designated by NexNodo from time to time.

Security vulnerability reporting may also be governed by NexNodo’s applicable Vulnerability Disclosure Policy.

11. POLICY MODIFICATIONS

NexNodo may modify this Policy from time to time.

Material policy modifications may become effective upon publication, customer notification, platform publication, or equivalent commercially reasonable notice mechanisms implemented by NexNodo.

Continued use of the NexNodo platform following policy effectiveness constitutes acceptance of the revised Policy to the extent permitted under the applicable customer agreement.