Frequently Asked Questions

Answers to program launch, payouts, and responsible disclosure questions we hear most.

5 min readUpdated Oct 9, 2025Troubleshooting

Answers to the most common questions from researchers and program owners across the NidFul community.

Researchers

Most programs commit to acknowledging submissions within one business day and triaging within five. You can view SLAs per program on the policy page.

Yes, unless the policy explicitly restricts geographic locations. Always respect export controls and check for sanctions restrictions.

Absolutely. Provide clear explanation linking each step; bounty multipliers apply when chains demonstrate higher impact.

Use NidFul’s scope versioning. Communicate adjustments through announcement posts and update safe-harbor language when removing assets.

Yes. Upload NDA templates and NidFul will manage acceptance tracking before granting access.

Triage can merge duplicates. When multiple researchers contribute unique insights, share partial bounties to maintain good relationships.

Programs can pay in local currency (NGN, KES, ZAR, GHS) or USD/EUR. NidFul handles conversions automatically.

Year-end summaries include total payouts in both local currency and USD, along with transaction references for tax filings.

By default, 24 months. Adjust retention to meet internal policy or regulatory requirements (minimum 12 months for auditability).

Check the platform status page for uptime and incident history.

Use the Critical Escalation toggle when submitting reports.
Email security@nidful.com with your program ID.
For government programmes, follow the shared incident hotline documented in your onboarding kit.

Need more? Explore Common Issues & Fixes or reach the support team via the channels listed in Additional Links & Support.