AES-256-GCM at Rest
All RCON passwords are encrypted using AES-256-GCM before being written to disk. Encryption keys are stored separately from the encrypted data.
RCONductor handles sensitive server credentials. We take that responsibility seriously - from encrypted storage to strict access controls and full audit trails.
All RCON passwords are encrypted using AES-256-GCM before being written to disk. Encryption keys are stored separately from the encrypted data.
Web panel and API traffic is TLS-protected via Cloudflare Full Strict SSL. The game-server RCON path uses the RCON protocol itself; use VPN/private networking and firewall allowlists for full transport protection.
RCON credentials are never logged in plain text - not in application logs, error messages, or monitoring dashboards. Credentials are redacted at every layer.
Every slash command can be restricted to specific Discord roles. Server owners define who can execute which commands - from kick/ban to server restart. No global admin accounts.
Every database query includes a mandatory guild_id filter. Server A can never see, modify, or access data from Server B. This isolation is enforced at the database layer, not just the application layer.
All state-changing operations require CSRF tokens. Sessions are stored server-side in Redis with 24-hour TTL. Cookies are httpOnly, secure, and SameSite=Lax - no client-side JavaScript can access them.
Every RCON command, permission change, and configuration update is logged with timestamp, user ID, and guild context. Audit logs are retained for 90 days and accessible in the web panel.
Prometheus metrics and Grafana dashboards track system health, shard status, queue depth, and error rates in real time. Alerts fire before issues become outages.
API endpoints and RCON command execution are rate-limited per guild to prevent abuse. RCON jobs are serialized per server to avoid command conflicts and flooding.
All data is stored on dedicated servers within the European Union (Hetzner, Germany). No data leaves the EU for storage or processing. GDPR-compliant by design.
Services run on a Docker Swarm cluster with multiple nodes. Rolling updates ensure zero-downtime deployments. Failed containers are automatically restarted and rescheduled.
Server access is restricted to SSH key authentication only - no password login. Access is limited to the operations team via a secured jumphost with separate key rotation.
We process personal data under Art. 6(1)(b) GDPR (contract performance). Our full Privacy Policy is available at /datenschutz. Data subject rights (access, deletion, portability) are supported.
RCON credentials are deleted immediately when a server is removed. Account data is purged 30 days after cancellation. Audit logs expire after 90 days. Invoices are retained for 8 years (German tax law).
We use strictly necessary cookies (session, CSRF). No Google Analytics, no advertising pixels, no third-party trackers. Optional cookies are only set after explicit consent.
Found a security issue? Report it to abuse@gonzi.tech. We treat all reports confidentially and respond within 48 hours.