Threat model
- Abuse of redirects for phishing/malware distribution.
- Credential theft / account takeover attempts.
- Data leakage through analytics collection or logs.
- Infrastructure misuse via automation or high-rate traffic.
Security
Last updated: 2026-04-01. This page summarizes the main security, privacy, and abuse-reporting controls behind Nimriz.
Security overview
These summaries keep the security page scannable while preserving the detailed policy links evaluators need.
Connections to Nimriz are served over HTTPS. Service providers used for storage and edge execution provide encryption in transit and support encryption at rest for managed data stores.
Operational secrets are stored in secure server-side configuration and are not intended to be exposed to client-side code.
Standard privacy-aware analytics is the default. Raw IP addresses and full User-Agent strings are never stored; standard mode may keep daily-salted hashes for per-day deduplication, and strict privacy omits those hashes.
Raw click events are handled through append-only analytics infrastructure, while dashboard reporting relies on aggregated summaries rather than per-click writes to the primary database.
Short answers for teams reviewing redirect controls, abuse reporting, and claim boundaries.
For vulnerability reports, email security@nimriz.com with details, reproduction steps, and impact assessment. For phishing or malware, use the abuse report path.