Trust

Security Overview

NetRisk is designed to handle vendor risk information carefully during the free beta. Security controls will continue to evolve as the product matures.

Free beta · Decision-support only · No warranty or service-level commitment.

Security principles

NetRisk follows these principles:

  • Collect only what is needed.
  • Limit access to submitted information.
  • Protect accounts and sessions.
  • Monitor for abuse and suspicious activity.
  • Reduce exposure of sensitive information.
  • Be transparent about beta limitations.

Access control

Access to NetRisk accounts requires authentication. Administrative access is limited to authorized operators and used only for service operation, security, support, abuse prevention, and product improvement.

Encryption

NetRisk uses encryption in transit where supported. Data storage protections depend on the underlying hosting and storage providers used by the service.

Logging and monitoring

NetRisk may collect security logs, application logs, usage logs, and error logs to detect abuse, troubleshoot issues, and protect the platform.

Abuse prevention

NetRisk may apply controls such as:

  • Work email requirement.
  • Public email domain blocking.
  • Disposable email blocking.
  • Rate limits.
  • Usage quotas.
  • Scan throttling.
  • Upload restrictions.
  • Account suspension for suspicious activity.

Vendor and evidence data

Users should only submit information they are authorized to process. Do not upload passwords, secrets, private keys, unnecessary personal data, regulated sensitive data, or confidential third-party information unless authorized.

Vulnerability management

NetRisk aims to review and fix security issues based on severity, exploitability, and risk. As a free beta, response times may vary.

Responsible disclosure

Security researchers and users can report suspected vulnerabilities through the Responsible Disclosure page.

No security certification claim

Unless explicitly stated, NetRisk does not claim SOC 2, ISO 27001, PCI DSS, or similar certification.

Contact

For security questions or vulnerability reports: security@netrisk.io.

Contact

Questions about this page?

Contact NetRisk at security@netrisk.io or reach out through the contact page.
