Security & Compliance

GameScript AI is built with enterprise-grade security controls. Our platform implements industry-standard practices aligned with SOC 2 Type II requirements.

SOC 2 Type II Aligned

Our security controls are designed to meet the Trust Services Criteria for Security, Availability, and Confidentiality as defined by the AICPA.

  • Security
  • Availability
  • Confidentiality
  • Processing Integrity
  • Privacy

Authentication & Access Control

  • Two-factor authentication (TOTP) via authenticator apps
  • Strong password policy: 12+ characters with complexity requirements
  • Account lockout after 5 failed login attempts (15-minute cooldown)
  • Session timeout after 8 hours of inactivity
  • Role-based access control (Owner, Admin, Editor, Viewer)

Audit Logging & Monitoring

  • Comprehensive audit trail for all user actions
  • Login success and failure tracking with IP logging
  • Content creation, modification, and deletion logging
  • Administrative action logging (role changes, team management)
  • 1-year audit log retention policy
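The lockout and session-timeout rules in the Authentication list above, together with the login success/failure tracking in this Audit Logging list, can be implemented with a small in-memory guard. The following is an added example written for this page, not GameScript AI's own code; the clock injection, the in-memory store and the audit-event shape are assumptions, and the IP address is a constructed sample.

```python
# Added example (not GameScript AI's code): an in-memory login guard that
# enforces the lockout policy on the page (5 failures, 15-minute cooldown),
# the 8-hour idle session timeout, and records each attempt in an audit trail
# with the client IP. The store, clock injection and event shape are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

MAX_FAILED_ATTEMPTS = 5
LOCKOUT_DURATION = timedelta(minutes=15)
SESSION_IDLE_TIMEOUT = timedelta(hours=8)


@dataclass
class AuditEvent:
    at: datetime
    user: str
    action: str       # "login_success", "login_failure" or "account_locked"
    ip: str


@dataclass
class Session:
    user: str
    last_seen: datetime

    def touch(self, now: datetime) -> bool:
        """Refresh the session; return False once it has sat idle longer than the limit."""
        if now - self.last_seen > SESSION_IDLE_TIMEOUT:
            return False
        self.last_seen = now
        return True


class LoginGuard:
    def __init__(self) -> None:
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, datetime] = {}
        self.audit: List[AuditEvent] = []

    def is_locked(self, user: str, now: datetime) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            # Cooldown elapsed: clear the lock and the failure counter.
            del self._locked_until[user]
            self._failures.pop(user, None)
            return False
        return True

    def attempt(self, user: str, password_ok: bool, ip: str, now: datetime) -> Optional[Session]:
        """Process one login attempt; return a Session on success, else None."""
        if self.is_locked(user, now):
            # Even a correct password is refused while the cooldown runs.
            self.audit.append(AuditEvent(now, user, "login_failure", ip))
            return None
        if password_ok:
            self._failures.pop(user, None)
            self.audit.append(AuditEvent(now, user, "login_success", ip))
            return Session(user, now)
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        self.audit.append(AuditEvent(now, user, "login_failure", ip))
        if count >= MAX_FAILED_ATTEMPTS:
            self._locked_until[user] = now + LOCKOUT_DURATION
            self.audit.append(AuditEvent(now, user, "account_locked", ip))
        return None


def run_scenario() -> dict:
    """Constructed walk-through: five failures, a retry during cooldown, then a valid login."""
    guard = LoginGuard()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    ip = "203.0.113.7"   # constructed sample from the documentation range
    for i in range(MAX_FAILED_ATTEMPTS):
        guard.attempt("alice", False, ip, t0 + timedelta(seconds=i))
    locked = guard.is_locked("alice", t0 + timedelta(minutes=1))
    during = guard.attempt("alice", True, ip, t0 + timedelta(minutes=5))
    after = guard.attempt("alice", True, ip, t0 + timedelta(minutes=16))
    session_ok = after.touch(after.last_seen + timedelta(hours=7)) if after else None
    session_expired = (not after.touch(after.last_seen + timedelta(hours=9))) if after else None
    return {
        "locked_after_five": locked,
        "rejected_during_cooldown": during is None,
        "accepted_after_cooldown": after is not None,
        "session_alive_at_7h": session_ok,
        "session_expired_at_9h": session_expired,
        "audit_events": len(guard.audit),
        "lock_events": sum(e.action == "account_locked" for e in guard.audit),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The guard records a `login_failure` event for the attempt made during the cooldown as well, so a reviewer reading the audit trail sees both the lock and the blocked retry with its source IP.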

Data Protection

  • Passwords hashed with bcrypt (12 rounds)
  • HTTPS/TLS encryption for all data in transit
  • API keys stored as SHA-256 hashes (never in plaintext)
  • Secure token generation using cryptographic randomness
  • Content-Security-Policy and security headers enforced

Privacy & Data Rights

  • Full data export in JSON format (GDPR Article 20)
  • Account deletion with complete data removal (GDPR Article 17)
  • Email verification required for all new accounts
  • No third-party tracking or analytics cookies
  • Data minimization: only essential information collected

API Security

  • API keys with configurable expiration
  • Keys displayed only once at creation (only a hash is retained, so the key cannot be recovered later)
  • Rate limiting on all API endpoints
  • Per-user key limits (maximum 10 active keys)
  • Instant key revocation capability
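The API Security list above, together with the "API keys stored as SHA-256 hashes" and "cryptographic randomness" bullets under Data Protection, describes a key lifecycle that can be shown end to end: mint a key from a CSPRNG, hand the plaintext to the caller once, keep only its digest, and enforce expiry, revocation and the per-user cap. The code below is an added example written for this page, not GameScript AI's implementation; the key format, the `gsk_` prefix and the in-memory store are assumptions.

```python
# Added example (not GameScript AI's code): an API key store that returns the
# plaintext key exactly once, keeps only its SHA-256 digest, and enforces the
# expiry, revocation and 10-active-key cap listed on the page. The key format,
# the "gsk_" prefix and the in-memory store are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

MAX_ACTIVE_KEYS = 10  # per-user cap stated on the page
KEY_PREFIX = "gsk_"   # assumed prefix; lets logs and secret scanners recognise the token type


@dataclass
class StoredKey:
    key_id: str
    user_id: str
    key_hash: str              # hex SHA-256 of the full secret; plaintext is never stored
    created_at: datetime
    expires_at: Optional[datetime]
    revoked: bool = False


def sha256_hex(value: str) -> str:
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


class ApiKeyStore:
    def __init__(self) -> None:
        self._keys: Dict[str, StoredKey] = {}   # key_id -> record

    def active_keys(self, user_id: str, now: datetime) -> List[StoredKey]:
        return [k for k in self._keys.values()
                if k.user_id == user_id and not k.revoked
                and (k.expires_at is None or k.expires_at > now)]

    def create(self, user_id: str, now: datetime,
               ttl: Optional[timedelta] = None) -> Tuple[str, str]:
        """Mint a key. The returned secret is shown to the caller once and never again."""
        if len(self.active_keys(user_id, now)) >= MAX_ACTIVE_KEYS:
            raise ValueError("active key limit reached")
        key_id = secrets.token_hex(8)                                  # public lookup handle
        secret = f"{KEY_PREFIX}{key_id}.{secrets.token_urlsafe(32)}"  # CSPRNG-backed secret
        self._keys[key_id] = StoredKey(key_id, user_id, sha256_hex(secret), now,
                                       now + ttl if ttl else None)
        return key_id, secret

    def verify(self, presented: str, now: datetime) -> Optional[str]:
        """Return the owning user_id if the presented key is valid, else None."""
        if not presented.startswith(KEY_PREFIX):
            return None
        key_id = presented[len(KEY_PREFIX):].split(".", 1)[0]
        record = self._keys.get(key_id)
        if record is None or record.revoked:
            return None
        if record.expires_at is not None and record.expires_at <= now:
            return None
        # Constant-time comparison of digests so a mismatch does not leak via timing.
        if not hmac.compare_digest(record.key_hash, sha256_hex(presented)):
            return None
        return record.user_id

    def revoke(self, key_id: str) -> bool:
        """Instant revocation: the record stays for audit purposes but never verifies again."""
        record = self._keys.get(key_id)
        if record is None or record.revoked:
            return False
        record.revoked = True
        return True


def run_scenario() -> dict:
    """Constructed walk-through exercising validity, expiry, tampering, revocation and the cap."""
    store = ApiKeyStore()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    key_id, secret = store.create("alice", t0, ttl=timedelta(days=30))
    results = {
        "valid": store.verify(secret, t0) == "alice",
        "expired": store.verify(secret, t0 + timedelta(days=31)) is None,
        "tampered": store.verify(secret + "x", t0) is None,
        "garbage": store.verify("not-a-key", t0) is None,
        "plaintext_not_stored": secret not in repr(store._keys),
    }
    results["revoked"] = store.revoke(key_id) and store.verify(secret, t0) is None
    for _ in range(MAX_ACTIVE_KEYS):
        store.create("bob", t0)
    try:
        store.create("bob", t0)
        results["cap_enforced"] = False
    except ValueError:
        results["cap_enforced"] = True
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Embedding the random `key_id` in the secret lets `verify` look up one record directly instead of hashing the presented value against every stored digest, while the stored hash still covers the whole secret, so guessing the public handle gives an attacker nothing.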

Team & Organization Controls

  • Granular role-based permissions within teams
  • Invite-only team membership with token expiration
  • Team-scoped content sharing with explicit opt-in
  • Organization-wide usage monitoring for admins
  • Per-seat usage tracking and reporting

Data Retention & Handling

Audit Logs

Retained for 1 year. Automatically cleaned up after the retention period.

Content Data

Retained until user deletion. Full export available at any time.

Account Data

Users can request complete data deletion. Processed within 24 hours.

Questions about our security practices?

Contact our team for detailed security documentation or to discuss enterprise requirements.
