Security

Our commitment to protecting your systems and data

Driver Security

Our kernel-mode driver is developed following Microsoft's strict security guidelines and best practices:

  • EV Code Signing: All drivers are signed with Extended Validation certificates
  • HVCI Compatible: Fully compatible with Hypervisor-Protected Code Integrity
  • WHQL Certified: Passes Windows Hardware Quality Labs testing
  • Secure Boot Support: Works seamlessly with UEFI Secure Boot
  • Regular Audits: Third-party security audits every 6 months

Data Protection

We employ industry-standard encryption and security measures:

  • TLS 1.3 Encryption: All data in transit is encrypted
  • AES-256 at Rest: Database encryption for stored data
  • Zero-Knowledge Architecture: We cannot access end-user gameplay data
  • Secure Key Management: Hardware security modules (HSMs) for API keys
  • Rate Limiting: API rate limits prevent abuse and DDoS attacks

Privacy by Design

Privacy is built into every aspect of our system:

  • Minimal Data Collection: Only security-relevant information is gathered
  • Data Anonymization: Hardware IDs are hashed and salted
  • Automatic Deletion: Old event logs purged after 90 days
  • No Personal Files: We never access documents, photos, or browsing data
  • Transparent Logging: Users can review what data is collected

Vulnerability Disclosure

We take security vulnerabilities seriously and encourage responsible disclosure:

  • Bug Bounty Program: Rewards for responsibly disclosed vulnerabilities
  • 24/7 Security Team: Dedicated team monitors for threats
  • Rapid Response: Critical patches deployed within 24 hours
  • Transparency: Public disclosure after fixes are deployed
  • CVE Tracking: All vulnerabilities assigned CVE numbers

Report Security Issues:
Email: security@perca.ir
PGP Key: Available on request

Infrastructure Security

Our infrastructure is hosted on enterprise-grade cloud providers:

  • Multi-Region Redundancy: Data replicated across regions for availability
  • DDoS Protection: Enterprise-grade DDoS mitigation (Cloudflare/AWS Shield)
  • Network Isolation: Microservices isolated in private subnets
  • Intrusion Detection: Real-time monitoring and alerting systems
  • Regular Penetration Testing: Quarterly security assessments
  • Automated Backups: Daily encrypted backups with point-in-time recovery

Security Certifications

SOC 2 Type II

Audited annually for security controls

ISO 27001

Information security management certified

GDPR Compliant

Full compliance with EU data protection

PCI DSS

Payment card security standards

Incident Response

In the unlikely event of a security incident, we follow a structured response process:

  1. Detection & Assessment: Immediate threat identification and scope analysis
  2. Containment: Isolate affected systems to prevent spread
  3. Eradication: Remove threat and patch vulnerabilities
  4. Recovery: Restore services from secure backups
  5. Notification: Inform affected parties within 72 hours
  6. Post-Mortem: Document lessons learned and improve processes