Per-organization encryption
Sensitive data, including Perforce credentials, is encrypted at rest with AES-256/GCM under per-organization keys.
Gameheim HubSecurity
Studios trust Gameheim Hub with their most valuable work. Protecting it is a design principle: built in from the first line, not bolted on later.
Headline protections
Sensitive data, including Perforce credentials, is encrypted at rest with AES-256/GCM under per-organization keys.
Custom roles built from 34+ permissions let you grant each person exactly what they need, and nothing more.
Every submit, lock and change is recorded with who, what and when: retained, never silently purged.
Each organization’s project data is fully isolated. No cross-organization access, by design.
Short-lived tokens with refresh rotation and reuse detection shut a stolen session down fast.
Per-IP rate limits on authentication and progressive account lockout stop brute-force and credential-stuffing before they get started.
Security by design
The Gameheim Agent runs every Perforce command on your own workstations. File contents never reach the cloud, only metadata: names, statuses and counts.
Strings from the network are length-capped and validated, identifiers are whitelisted, and paths are canonicalised against traversal. Nothing untrusted reaches the database, filesystem or a shell.
Short-lived access tokens, refresh-token rotation, and reuse detection that invalidates an entire token family the moment a stolen token is replayed.
The unauthenticated surface is deliberately small: read-only where it can be, rate-limited where it cannot. Sign-up is throttled per IP and per email to shut abuse down.
Audit logs are retained and never silently purged. Who did what, and when, stays answerable.
Native Perforce, production tracking, knowledge and your whole team. See what Gameheim Hub can do for your studio.
Get started