Security

SimHunt is designed as a controlled-access digital platform with public previews, verified subscriber features, administrative controls, and API access where authorized.

Security practices

The platform uses account sessions, password hashing, CSRF protection, API token hashing, rate limiting, verification states, and access checks for protected features. Raw API tokens are not intended to be stored after issuance.

User responsibilities

Users are responsible for protecting their credentials, using strong passwords, keeping API tokens confidential, limiting token exposure in notebooks or scripts, and notifying SimHunt if they suspect unauthorized access.

Vulnerability reporting

Security reports should include the affected URL or endpoint, steps to reproduce, observed impact, and contact information for follow-up. Do not access, modify, delete, export, or disclose data that does not belong to you while investigating a suspected issue.

Abuse response

SimHunt may revoke sessions, rotate tokens, rate-limit requests, disable accounts, preserve logs, or restrict access to protect users, third-party rights holders, platform assets, or operational integrity.