NomaPort

Security Update Policy

This policy explains how NomaPort handles security updates for devices, software and configurations, including timelines and notification practices.

Last updated: 14 June 2026

1. Purpose

This Security Update Policy explains how NomaPort handles security updates for devices, firmware, software components, managed configurations and related services.

2. Scope

  • NomaPort-configured routers and hotspot devices.
  • Device management scripts, dashboards and account-connected apps where applicable.
  • Website, account portal and API infrastructure operated by NomaPort.
  • Third-party components integrated into NomaPort bundles, to the extent we can deliver updates through supported channels.

3. Update types

3.1 Critical security updates

Critical updates address actively exploited vulnerabilities, authentication failures, remote code execution risks or configuration flaws that materially undermine confidentiality, integrity or availability.

Target delivery: as soon as practicable after validation, typically within seventy-two (72) hours for issues under active exploitation affecting NomaPort-managed components, subject to testing and customer maintenance windows.

3.2 High and medium severity updates

These updates address significant but non-emergency vulnerabilities or hardening improvements.

Target delivery: within fourteen (14) to thirty (30) days depending on complexity, vendor patch availability and deployment method.

3.3 Routine maintenance

Routine updates include feature improvements, dependency upgrades and non-security bug fixes released on a regular cadence or bundled with scheduled maintenance.

4. Customer responsibilities

  • Keep contact details current so we can send security notices.
  • Apply recommended updates within agreed timeframes or allow remote update windows where supported.
  • Maintain physical access and power/network connectivity needed for updates.
  • Report suspected compromise or failed update attempts promptly.
  • Ensure third-party VPN, SIM and cloud accounts remain supported and accessible for integrated features.

5. Notification practices

We notify affected customers of critical security issues through email, account notices or direct support channels when appropriate. Public summaries may be posted on our security resources pages without disclosing exploitable details prematurely.

Subscription to our security updates newsletter is available on the website and does not replace direct incident notices for active customers where contact information is available.

6. Third-party dependencies

Some updates depend on hardware vendors, open-source projects, VPN providers or cloud platforms. When upstream patches are unavailable, we may implement compensating controls or recommend interim mitigations.

7. End of support

Devices or software versions may reach end of support when underlying hardware or dependencies can no longer be maintained securely. We will provide reasonable advance notice and migration options where feasible.

8. Vulnerability reporting

Security researchers and customers should report vulnerabilities under our Vulnerability Disclosure Policy at security@nomaport.com.

9. Contact

Security updates: security@nomaport.com

General support: hello@nomaport.com

NomaPort reduces common security and privacy risks through secure configuration, guidance and partner-supported workflows. It does not guarantee anonymity, immunity from attack, full legal compliance or complete protection against all threats.