Security
Last updated: October 2025
Executive Summary
VaultScope operates a defense-in-depth security posture across networking, infrastructure, hosts, and application layers. We protect customer services using a combination of industry-standard best practices, continuous monitoring, and third-party security platforms. Perimeter Anti‑DDoS protection for our public-facing services is provided by Cloudflare.
Perimeter & Network Security
Our edge security is provided by Cloudflare: DDoS mitigation, request filtering, a Web Application Firewall (WAF), and CDN-level protections. These controls stop many attacks before they reach origin servers and reduce the impact of large-scale abuse.
- Cloudflare Anti‑DDoS, WAF, and rate-limiting for edge protection
- Network segmentation and firewalls to isolate management and user workloads
- Strict port policies and connection controls to limit exposure
Infrastructure & Host Security
We apply secure configuration and hardening across hosts and container runtimes, automated patching, and isolation controls to reduce the attack surface.
- Hardened base images and automated patch management
- Container isolation with resource limits to guard against noisy neighbours
- Filesystem and process restrictions (where supported) and secure SSH configurations
Panel & Application Security
The control panel and customer-facing applications are configured with security in mind. We encourage users to enable additional protections and follow strong authentication practices.
- Secure configuration and timely updates for Pterodactyl and related services
- Recommendation to enable two‑factor authentication (2FA) for accounts
- Role-based access controls and limited API credentials for automation
Data Protection & Encryption
Customer data is protected in transit and at rest where applicable. We use industry-standard cryptography and access controls to protect sensitive information.
- TLS (HTTPS) for all public-facing services and APIs
- Encrypted storage for backups and sensitive configuration where supported
- Strict access controls and audit logging for administrative actions
Monitoring, Detection & Response
We operate centralized logging, alerting, and monitoring to detect and respond to incidents quickly. When incidents occur, we follow an established incident response process and notify affected customers as required.
Vulnerability Management
Regular vulnerability scanning, code reviews, and automated dependency checks are combined with a prioritized patching cadence to mitigate risk from known vulnerabilities.
Responsible Disclosure
We welcome responsible vulnerability reports. When reporting, please provide sufficient detail to reproduce and triage the issue, and avoid accessing or modifying user data.
- Email: security@vaultscope.dev
- Discord (for urgent contact): discord.gg/sRj3uPPpme
Third-Party Providers & Compliance
We partner with established infrastructure and edge-security providers and review their security posture as part of our operational procedures.
- Anti‑DDoS and edge security provided by Cloudflare
- Infrastructure providers with physical and environmental controls (e.g., Hetzner, Linode)
Customer Recommendations
- Enable 2FA on your control panel account and use strong, unique passwords
- Keep application dependencies up to date and apply security patches promptly
- Encrypt sensitive data at the application layer where possible
- Regularly test backups and validate restoration procedures
- Use least-privilege principles for API keys and automation credentials