Security.
Epoch is an anti-cheat. We take operator trust seriously and treat the server-side Lua as a transparent artefact, not a black box. The summary below describes how we handle vulnerabilities and what operators should expect.
Auditability
The server-side Lua you deploy is auditable after purchase. If you want to read the source before committing, reach out via the support channel and we'll arrange a NDA-gated review for serious operators.
Vulnerability disclosure
Found a bypass, a leak, or a way to fool a detection? Don't publish it — message us first via the support channel in the dashboard. We acknowledge within 48 hours, ship a fix as fast as possible, and credit researchers in the changelog when they prefer attribution.
Data handling
Telemetry is encrypted in transit. Screenshots and detection evidence are scoped to your server's operators and never shared cross-tenant. See the privacy page for full handling.
What we don't do
- Pure Lua addon. No native memory scanning. No binary instrumentation of `gmod.exe`.
- No telemetry from servers not running Epoch.
- No backdoors. No "we'll just add this one undocumented module" surprises.
Contact
Security questions or vulnerability reports: reach out via the support channel in the dashboard.