Trust & Safety

Security

X-Hunt is built with security as a core principle. Here's how we protect your data and our platform.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and secrets are stored using environment-level secrets management, never in source code.

Authentication

Authentication is handled by Supabase Auth with support for passwordless email, OAuth providers (Google), and multi-factor authentication. Session tokens are rotated on each login.

Infrastructure

X-Hunt runs on Vercel and Supabase with automatic DDoS protection, rate limiting on all API routes, and zero-trust network policies.

Access Controls

Role-based access control (RBAC) is enforced at both the application and database layer. Admin routes require verified tenant accounts.

Responsible Disclosure

Found a vulnerability? Please report it to security@xhunt.app. We aim to acknowledge reports within 48 hours and resolve critical issues within 7 days.