Security Policy

Last Updated: December 3, 2025

1. Security Measures

NGP Hosts implements reasonable security practices:

  • HTTPS/TLS encryption for all communications
  • Secure password hashing and storage
  • Discord OAuth2 authentication
  • IP address logging and monitoring
  • Automated threat detection
  • Regular security updates
  • Firewall and intrusion prevention

2. No Guarantee of Security

Despite our efforts, no system is 100% secure.

  • NGP Hosts is not liable for security breaches
  • No warranty of confidentiality or data integrity
  • Users accept all security risks
  • Account compromise is user responsibility

3. Account Security

Users must:

  • Use strong, unique passwords
  • Enable two-factor authentication (2FA) if available
  • Keep Discord account secure
  • Not share credentials with others
  • Monitor account activity regularly
  • Report suspicious activity immediately

4. Vulnerability Disclosure

If you discover a security vulnerability:

  • Do NOT publicly disclose the vulnerability
  • Contact: security@ngphosts.com (when available)
  • Or open a private support ticket
  • Or DM staff on Discord
  • Allow 30 days for patching before disclosure

5. Incident Response

In case of a security breach:

  • Users will be notified via email and Discord
  • Details of the breach will be disclosed
  • Recommendations for account security will be provided
  • Investigation results will be shared

6. DDoS Protection

  • Basic DDoS protection is implemented
  • Larger attacks may cause service disruption
  • No compensation for DDoS-related downtime
  • Attack patterns are logged for analysis

7. Malware Scanning

  • Server files may be scanned for malware
  • Compromised files may be quarantined or deleted
  • Malware distribution will result in termination

8. SSL/TLS Certificates

  • All communications use HTTPS
  • Certificates are regularly renewed
  • Certificate transparency logs are maintained

9. Log Retention

  • Access logs retained for 90 days
  • Security logs retained for 1 year
  • Logs may be deleted without notice after retention period
  • Law enforcement holds may extend retention

10. Data Transmission

  • All data in transit is encrypted
  • Server-to-server communications are secure
  • Backups are encrypted when downloaded
  • FTP connections use SFTP (encrypted)

11. Third-Party Plugins

  • Users install plugins at their own risk
  • NGP Hosts does not vet plugin security
  • Malicious plugins may compromise your server
  • Always download plugins from trusted sources

12. Penetration Testing

  • Unauthorized penetration testing is prohibited
  • Authorized security testing requires written permission
  • Violations result in account termination and legal action

13. Modifications

This policy may be updated at any time. Continued use constitutes acceptance of changes.