RConductor
Security

Built for Trust

RCONductor handles sensitive server credentials. We take that responsibility seriously - from encrypted storage to strict access controls and full audit trails.

Encryption & Credential Security

🔐

AES-256-GCM at Rest

All RCON passwords are encrypted using AES-256-GCM before being written to disk. Encryption keys are stored separately from the encrypted data.

🔒

TLS at Edge + Network Hardening

Web panel and API traffic is TLS-protected via Cloudflare Full Strict SSL. The game-server RCON path uses the RCON protocol itself; use VPN/private networking and firewall allowlists for full transport protection.

🚫

Zero Plain-Text Logging

RCON credentials are never logged in plain text - not in application logs, error messages, or monitoring dashboards. Credentials are redacted at every layer.

Access Control & Isolation

👥

Discord Role-Based Access (RBAC)

Every slash command can be restricted to specific Discord roles. Server owners define who can execute which commands - from kick/ban to server restart. No global admin accounts.

🏰

Multi-Guild Isolation

Every database query includes a mandatory guild_id filter. Server A can never see, modify, or access data from Server B. This isolation is enforced at the database layer, not just the application layer.

🛡️

CSRF & Session Security

All state-changing operations require CSRF tokens. Sessions are stored server-side in Redis with 24-hour TTL. Cookies are httpOnly, secure, and SameSite=Lax - no client-side JavaScript can access them.

Audit Logging & Monitoring

📊

Complete Audit Trail

Every RCON command, permission change, and configuration update is logged with timestamp, user ID, and guild context. Audit logs are retained for 90 days and accessible in the web panel.

📈

Infrastructure Monitoring

Prometheus metrics and Grafana dashboards track system health, shard status, queue depth, and error rates in real time. Alerts fire before issues become outages.

Rate Limiting

API endpoints and RCON command execution are rate-limited per guild to prevent abuse. RCON jobs are serialized per server to avoid command conflicts and flooding.

Infrastructure & Hosting

🇪🇺

EU-Only Hosting

All data is stored on dedicated servers within the European Union (Hetzner, Germany). No data leaves the EU for storage or processing. GDPR-compliant by design.

🐳

Docker Swarm with Redundancy

Services run on a Docker Swarm cluster with multiple nodes. Rolling updates ensure zero-downtime deployments. Failed containers are automatically restarted and rescheduled.

🔑

SSH Key-Only Access

Server access is restricted to SSH key authentication only - no password login. Access is limited to the operations team via a secured jumphost with separate key rotation.

Compliance & Data Protection

📜

GDPR Compliant

We process personal data under Art. 6(1)(b) GDPR (contract performance). Our full Privacy Policy is available at /datenschutz. Data subject rights (access, deletion, portability) are supported.

🗑️

Data Retention & Deletion

RCON credentials are deleted immediately when a server is removed. Account data is purged 30 days after cancellation. Audit logs expire after 90 days. Invoices are retained for 8 years (German tax law).

🍪

No Tracking Cookies

We use strictly necessary cookies (session, CSRF). No Google Analytics, no advertising pixels, no third-party trackers. Optional cookies are only set after explicit consent.

Responsible Disclosure

Found a security issue? Report it to abuse@gonzi.tech. We treat all reports confidentially and respond within 48 hours.

Bring structure to server operations

Launch in minutes and give your team a clear workflow for safe admin execution.