Security & Trust
How HUT handles trust, account protection, and launch operations
HUT is built for real estate operators who need to trust the data surface, billing flow, and account controls before they put real work through the product. This page summarizes the security and operational posture that is already visible in the product today.
Account protection
- Sign-in and signup flows are protected with CSRF controls, Turnstile CAPTCHA, and rate limiting.
- Two-factor authentication and active-session review are exposed from account settings for supported accounts.
- Session cookies are signed and HttpOnly, and deployments can use server-side session storage when Redis is configured.
- Password reset and email verification are first-class flows, not manual support workarounds.
Billing and payments
- Customer card handling is delegated to hosted billing providers rather than stored directly by HUT.
- The billing portal surfaces plan changes, payment-method updates, invoices, and cancellation at period end.
- Pricing, plan differences, trial timing, and cancellation behavior are explained on the public pricing page.
- Privacy and terms pages are published and linked from all public conversion surfaces.
Monitoring and recovery
- Error tracking and health endpoints are part of the application stack before launch, not after.
- Backup, restore, rollback, and incident-response procedures are documented in the launch operations runbook.
- Launch readiness is treated as an operational discipline with a critical-path test pass, owner assignments, and rollback rules.
- Security disclosures can be reported through the contact path published in security.txt.
Data and privacy
- HUT aggregates public-record and licensed data sources, and the product warns users to independently verify critical legal or financial decisions.
- Privacy disclosures explain what account, billing, and security metadata is collected and why.
- Public trust cues include privacy, terms, help center access, security.txt, and a documented support path.
- Feature and plan claims are aligned to the live product surfaces rather than placeholder marketing copy.