Cyber Security Vulnerability Disclosure Policy

Nex Team Inc.

Found a security issue in one of our products? We want to know about it. Here's how we work together to keep families safe.

Published: February 2026

Last Updated: February 2026

Introduction

This policy covers security vulnerabilities in any Nex product or service—from Nex Playground hardware to our apps, websites, and cloud services.

We genuinely appreciate security researchers who take the time to help us protect the families who trust our products. While we don't currently offer bug bounties or monetary rewards, we're committed to working with you respectfully and collaboratively.

Please read through this whole policy before submitting a report, and stick to these guidelines throughout the process.

How to Report a Vulnerability

If you think you've found a security vulnerability, here's how to reach us:

Online Report Form: [security.nexplayground.com/report] (update with actual URL)

Email: security@nex.com (update with actual address)

Help us help you—include these details:

  • What's the vulnerability and how does it work?
  • Which product(s) and version(s) are affected?
  • Step-by-step instructions to reproduce the issue
  • Proof of concept code or screenshots (if you have them)
  • What impact could this have if exploited?
  • Your contact info so we can follow up with questions

The more information you give us up front, the faster we can validate the issue and get to work fixing it.

What to Expect After You Report

Within 5 business days: We'll confirm we got your report and give you a tracking reference number.

Within 10 business days: We'll finish our initial assessment and let you know if we've confirmed it's a real vulnerability.

Regular updates: We'll keep you in the loop on our progress. Some fixes are straightforward; others need deep investigation or complex engineering work. In some cases, proper remediation can take 90 days or longer—especially if we need to coordinate with hardware manufacturers, app store reviews, or update cycles that reach thousands of families.

Status check-ins: Feel free to ask how things are going, but please keep it to once every 14 days. This helps our security team stay focused on actually fixing the problem rather than writing status emails.

When it's fixed: We'll let you know when the vulnerability is resolved and may ask you to verify that our fix actually works.

Going public: Planning to write a blog post or publish your findings? Great! Just coordinate with us first so we can make sure affected families get clear, accurate information and aren't caught off guard.

Testing Guidelines—The Do's and Don'ts

We want security testing to be safe for everyone involved—you, our team, and especially the families using our products.

Please don't:

  • Break any laws or regulations while testing
  • Access more data than you need to prove the vulnerability exists
  • Change, delete, or mess with data in our systems
  • Use aggressive automated scanners that could knock services offline
  • Attempt denial-of-service (DoS) attacks
  • Test on live production systems if there's a safer alternative
  • Report theoretical issues that aren't actually exploitable (like a missing security header that doesn't create real risk)
  • Post about the vulnerability publicly before working with us
  • Use social engineering, phishing, or attempts at physical access against our employees or facilities
  • Demand payment in exchange for disclosing the vulnerability

Please do:

  • Follow all data protection and privacy laws (GDPR, UK GDPR, COPPA, etc.)
  • Treat user privacy seriously—remember, there are families and kids using these products
  • Keep any data you come across during testing completely confidential
  • Securely delete all test data within 3 months after we've resolved the vulnerability (unless you're legally required to keep it longer)
  • Act in good faith throughout the entire process

Legal Protections

This policy follows recognized best practices for coordinated vulnerability disclosure and meets UK Product Security and Telecommunications Infrastructure (PSTI) requirements.

Here's what this means for you:

This policy doesn't give you permission to do anything illegal or that would violate laws in your jurisdiction. You're responsible for making sure your security research is lawful where you live.

But here's what we'll do:

If you've followed this policy completely and in good faith, and someone tries to take legal action against you because of your vulnerability report, Nex will publicly confirm that you were acting in accordance with this policy.

What's In Scope (and What's Not)

We want reports about:

  • Nex Playground hardware and firmware
  • Nex mobile apps (iOS and Android)
  • Nex websites and web apps (*.nexplayground.com, *.nex.com)
  • Nex Play Pass and subscription services
  • Nex cloud infrastructure and APIs
  • Any Nex-controlled systems or services

Please don't report these:

  • Issues with third-party websites we link to (contact them directly)
  • Vulnerabilities in open-source libraries we use (report to the library maintainer first, though we still want to know if we're using a vulnerable version)
  • Social engineering attempts on our employees
  • Physical security of our offices or facilities

Our Commitment to You

Security research is real work, and we respect that. When you report a vulnerability to us, we commit to:

  • Treating you with respect and professionalism
  • Responding promptly to your reports
  • Keeping you updated on our progress
  • Working collaboratively toward a fix
  • Giving you credit publicly if you want it (with your permission, of course)
  • Not pursuing legal action against good-faith security research conducted under this policy

Contact Information

Security Reports: security@nex.com (update this)

Data Protection Officer: dpo@nex.com (update this)

General Support: support@nexplayground.com (update this)

For non-security questions, please use our Help Center instead—it'll get you answers faster.

Company Details:

Nex Team Inc. (HK or San Jose)

[Company Address]

[City, State/Province, Postal Code]

[Country]

Regulatory Compliance:

This policy supports our compliance with:

  • UK Product Security and Telecommunications Infrastructure (Product Security) Regulations 2023
  • EU Cybersecurity Act (Regulation (EU) 2019/881)
  • General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and UK GDPR

Thanks for helping us keep families safe.