Back

Security

How we protect your data and infrastructure

Our Commitment

At Level 1K, security is foundational to everything we build. We understand that you're trusting us with your game servers and data, and we take that responsibility seriously. This page outlines the measures we take to keep your infrastructure secure.

Infrastructure Security

Network Protection

  • DDoS Mitigation: All game servers are protected by enterprise-grade DDoS protection to ensure your servers stay online during attacks
  • Firewall Rules: Strict firewall policies limit access to only necessary ports and services
  • Network Isolation: Customer servers are isolated from each other at the network level
  • Traffic Monitoring: Continuous monitoring for suspicious traffic patterns and anomalies

Server Security

  • Regular Updates: Operating systems and software are kept up-to-date with security patches
  • Hardened Configuration: Servers are configured following security best practices
  • Container Isolation: Game servers run in isolated containers with resource limits
  • Access Control: Strict access controls limit who can access infrastructure

Application Security

Authentication & Access

  • Secure Password Storage: Passwords are hashed using industry-standard algorithms (bcrypt)
  • Session Security: Secure, HTTP-only cookies with appropriate expiration
  • OAuth Integration: Support for secure third-party authentication providers
  • Rate Limiting: Protection against brute-force attacks and API abuse

Data Protection

  • Encryption in Transit: All connections use TLS 1.2+ encryption
  • Encryption at Rest: Sensitive data is encrypted when stored
  • Input Validation: All user input is validated and sanitised
  • SQL Injection Prevention: Parameterised queries prevent SQL injection attacks

Payment Security

We never store your payment card details. All payments are processed by our Merchant of Record, Paddle.com Market Limited, who is PCI DSS compliant. We only receive transaction identifiers and amounts necessary to credit your account.

Operational Security

  • Principle of Least Privilege: Staff access is limited to what's necessary for their role
  • Audit Logging: Administrative actions are logged for accountability
  • Incident Response: We have procedures in place to respond quickly to security incidents
  • Regular Reviews: Security practices are reviewed and updated regularly

Your Role in Security

Security is a shared responsibility. Here's how you can help protect your account:

  • Use a strong, unique password for your Level 1K account
  • Don't share your account credentials with others
  • Keep your game server software and plugins up-to-date
  • Review who has access to your servers regularly
  • Report any suspicious activity to our support team

Vulnerability Disclosure

We appreciate the security research community's efforts in helping keep Level 1K secure. If you discover a security vulnerability, please report it responsibly:

  • Email us at security@level1k.com
  • Provide sufficient detail to reproduce the issue
  • Give us reasonable time to address the vulnerability before public disclosure
  • Don't access or modify other users' data

We commit to acknowledging reports within 48 hours and keeping you informed of our progress.

Questions?

If you have any questions about our security practices, please contact us:

Email: security@level1k.com