Security

Security controls for link infrastructure evaluators

Last updated: 2026-04-01. This page summarizes the main security, privacy, and abuse-reporting controls behind Nimriz.

HTTPS
Served over encrypted connections
Validated
Destination and reserved path controls
Standard privacy
Default analytics posture

Security overview

Controls Nimriz applies around redirects, data, and access

These summaries keep the security page scannable while preserving the detailed policy links evaluators need.

Threat model

  • Abuse of redirects for phishing/malware distribution.
  • Credential theft / account takeover attempts.
  • Data leakage through analytics collection or logs.
  • Infrastructure misuse via automation or high-rate traffic.

Controls

  • Destination validation (blocked unsafe URL schemes).
  • Reserved system slugs on first-party domains.
  • Managed-domain loop prevention to reduce redirect loops.
  • Rate limiting and quota enforcement to reduce abuse.
  • Bot flagging to separate likely automation traffic in analytics.

Encryption and secrets

Connections to Nimriz are served over HTTPS. Service providers used for storage and edge execution provide encryption in transit and support encryption at rest for managed data stores.

Operational secrets are stored in secure server-side configuration and are not intended to be exposed to client-side code.

Access and response

  • Authentication gates dashboard access.
  • Server-side management APIs are authenticated for private domains.
  • Admin-only operations exist for takedown and safety response.

Analytics privacy

Standard privacy-aware analytics is the default. Raw IP addresses and full User-Agent strings are never stored; standard mode may keep daily-salted hashes for per-day deduplication, and strict privacy omits those hashes.

Raw click events are handled through append-only analytics infrastructure, while dashboard reporting relies on aggregated summaries rather than per-click writes to the primary database.

Security questions

Short answers for teams reviewing redirect controls, abuse reporting, and claim boundaries.

How does Nimriz reduce unsafe redirect behavior?
Nimriz applies destination scheme validation, reserved system paths, managed-domain loop prevention, and authenticated management APIs for private domains.
How should I report phishing or malware?
Use the public abuse report path for phishing, malware, or unsafe redirect reports. Vulnerability reports can be sent to the security contact with reproduction details and impact.
Does Nimriz claim a public compliance certification?
No public compliance certification is claimed here. This page describes current product and infrastructure controls for evaluator review.

Related next steps

Report vulnerabilities or abuse

For vulnerability reports, email security@nimriz.com with details, reproduction steps, and impact assessment. For phishing or malware, use the abuse report path.