How we keep your tenant's data and your players' identities safe, at rest, in transit, and in audit.
Browser · mobile · modern TLS
Strict transport security · preload
Strict content security policy · locked-down sources
Click-jacking and MIME-sniffing protections enabled
Conservative referrer and permissions policy
Audited against industry header benchmarks (A+ baseline)Every controller action is gated by a specific permission grouped into role grants, SuperAdmin, EnterpriseAdmin, CasinoManager, RoomManager, Dealer, Player and more. Adjust per role or per user without redeploying.
Every material action, seat overrides, rake corrections, junket transactions, configuration changes, is recorded with actor, timestamp, before-and-after values, and the originating IP. Tenant-scoped, searchable, exportable.
Token-based session authentication with automatic rotation. Every request is tenant-scoped and verified server-side. Lateral movement between tenants is impossible by design.
Modern TLS for every API and real-time connection. AES-256 encryption at rest for the database and any persisted file uploads. Secrets stored in your cloud provider's key vault, never in code.
Strict transport security, strict content security policy, click-jacking and MIME-sniffing protections, conservative referrer and permissions policy. A+ on industry header benchmarks is the baseline.
We respond to standard vendor security questionnaires (CAIQ, SIG-Lite) within five business days. Tell us which one.
Request the questionnaire