Security
How we protect your data
Infrastructure
- All traffic is encrypted in transit using TLS 1.2+.
- Application data is stored in managed databases with encryption at rest.
- Infrastructure is hosted on hardened cloud providers with SOC 2 compliance.
Authentication
- Passwords are hashed using bcrypt with per-user salts.
- Session tokens are rotated on login and expire after inactivity.
- All state-changing requests are protected by CSRF tokens.
Application security
- Input validation and output encoding are used to prevent injection and XSS.
- Rate limiting on authentication endpoints to mitigate brute-force attacks.
- Subscription-based usage limits prevent resource exhaustion.
- PII detection filters scan scenario inputs before processing.
Access controls
- Role-based access: regular users see only their own data; administrators have a separate privilege tier.
- Admin actions are logged in an audit trail.
- Database credentials are rotated and stored in environment variables, never in source code.
Incident response
If we discover a data breach that affects your personal information, we will notify you by email within 72 hours and provide details of the incident, the data involved, and the steps we are taking.
Responsible disclosure
If you discover a security vulnerability, please report it to security@simul.info. We will acknowledge your report within one business day and work to resolve the issue promptly.