Security & Privacy
Security and Privacy are built in to the core of RocketCAD. RocketCAD is entrusted with the data of over 37,000 communities and over 280,000 users, administrators and community owners. This is a role that we do not take lightly and we work hard everyday to ensure that your information, data and communities are secure from external and internal attacks.
User Privacy & Security
Users can opt-in to 2 Factor Authentication, which allows users to secure their account with a 6-digit code that re-generates every 30 seconds to prevent unwanted logins.
Users are encouraged to create strong passwords, and RocketCAD will encourage you to make your password stronger when signing up.
In the event a user forgets their password, or believes their account has been compromised - you can reach out to our team or click "Forgot Password" to have an email sent to your account email address. In the event you're still in your account, you can log out all other sessions and immediately change your password.
Users are strongly encouraged to Verify your Steam Hex to ensure your Hex is locked to your account.
Users are strongly encouraged to Verify your Discord ID to ensure your ID is locked to your account.
User emails, steam hexes and phone numbers are not visible to any users, administrators or owners of RocketCAD - only official Modern Solutions/RocketCAD Staff Team members.
No payment information is stored within RocketCAD, you are re-directed to PayPal and Stripe, our payment processing partners, to checkout.
Users are encouraged to use a nickname or alias on the CAD, to prevent other community members, administrators and owners from having your legal first and/or last name.
Users are encouraged to leave old communities, or those they are no longer apart of, this will prevent your name and identifying information from being available to Administrators and Owners.
Users are encouraged to use a trusted and reliable email source, such as Gmail to flag spam emails early.
Users may select the identifiable information a community receives to verify their identity.
Community Privacy & Security
Communities are able to re-generate all Community specific codes and confidential information, such as Server IDs. Do not share your Community IDs, Server IDs or Server IP with anyone except trusted sources.
We strongly discourage the usage of "Automatically Approve Civilians" as this allows anyone into your community without being verified by a member of your Administration Team.
In the event of a security threat, we recommend using the Owner Panel Logs to find the name and information of any potential users responsible, and immediately report them to our team.
All Community Owners should have 2 Factor Authentication enabled, as mentioned above.
RocketCAD API Security
The RocketCAD 2.0 version API has been re-designed from the ground up with security & functionality in mind. Here are some of the steps we're taking to secure your integrations.
User Modification Notifications - With a user's consent, each time their account is modified through the API, they are notified via their portal and can opt for email notifications.
Owner Notifications - At the discretion of an individual Community Owner, each time their community or server is modification through the API, they are notified via their portal and can opt for email notifications. Each modification is thoroughly logged and Community Owners given the option to rollback any of the changes that were made.
Rolling API Keys - At any time, a Community Owner can opt to roll their API Key with immediate effect.
Multiple Methods of Authentication - In addition to API Keys to permit the action to occur, a developer must also pass the unique communityID and serverID, all three of which can be rolled at any time at the request of an Owner, with immediate effect.
Supervisor Disabling - At the discretion of a Community Owner from the Owner Panel > Permissions menu, Supervisors of any department type (LEO, Fire, Dispatch or Civilian) can instantly disable ‘Patrol related API requests’ if abuse occurs. This prevents any inbound API requests from taking place (and potentially distrupting a patrol) while notifying all owners of the community.
Shoulder Surfers, Attackers with Physical Access to your computer or Enhanced Privileges - API Keys are a randomly generated 24 character string of a combination of numbers and both lowercase and uppercase letters, making it exceptionally difficult for a shoulder surfer to gain access to a key when developing. API Keys are on average roughly 200% stronger than the average user password, making it more-than-likely secure in the event someone with enhanced access gains access to a developer’s computer for a short duration of time.
Last updated