SECURITY

Security disclosure

SimDrive runs inside your developer environment. It drives the iOS simulator via simctl and reads accessibility state via standard Apple APIs. It does not send screenshots or recordings off your machine unless you explicitly invoke ios_record() with a remote backend (which is opt-in).

Reporting a vulnerability

Please email [email protected] with details. Do not open a public GitHub issue for security reports.

For the full policy and PGP key, see SECURITY.md in the repo.

What we do

  • Dependency audit on every PR (pip-audit, npm audit for the site).
  • Signed releases via PyPI trusted publishing.
  • No telemetry in the runtime. Site analytics are aggregate-only (Plausible or self-hosted).

What we do not claim

SimDrive has not been SOC 2 audited. We do not hold any compliance certifications today. If your buyer requires SOC 2 attestation, talk to us about a timeline; do not assume it is in place.