win365x

Security Policy

Last updated: 28 May 2026

Your security is our top priority. We employ industry-leading security measures to protect your personal data, financial information, and gaming activity.

1. Data Encryption

  • All data transmitted between your device and our servers is encrypted using 256-bit SSL/TLS encryption.
  • Sensitive data at rest (passwords, payment details) is encrypted using AES-256 encryption.
  • API communications between internal services use mutual TLS authentication.
  • We enforce HTTPS on all pages and API endpoints.

2. Account Security

  • Passwords are hashed using bcrypt with unique salts โ€” we never store plaintext passwords.
  • Two-factor authentication (2FA) is available and strongly recommended for all accounts.
  • Account lockout is triggered after multiple failed login attempts.
  • Session tokens expire automatically after periods of inactivity.
  • Login notifications are sent for new device or location logins.
  • Players can view and terminate active sessions from Account Settings.

3. Payment Security

  • Payment processing is handled by PCI DSS Level 1 certified payment providers.
  • Card details are never stored on our servers โ€” they are tokenized by the payment processor.
  • 3D Secure (3DS) authentication is supported for card transactions.
  • Cryptocurrency funds are stored in cold wallets with multi-signature security.
  • All withdrawal requests undergo fraud screening before processing.

4. Infrastructure Security

  • Our platform is hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA.
  • DDoS protection is deployed at the network edge to mitigate volumetric attacks.
  • Web Application Firewall (WAF) protects against common web exploits (OWASP Top 10).
  • Network segmentation isolates critical systems from public-facing services.
  • Automated backups are performed regularly with encrypted offsite storage.

5. Monitoring & Incident Response

  • 24/7 security monitoring with automated alerting for anomalous activity.
  • Security Information and Event Management (SIEM) aggregates logs from all systems.
  • Dedicated incident response procedures for security breaches.
  • Players will be notified of any data breach affecting their personal information as required by law.

6. Vulnerability Management

  • Regular penetration testing is conducted by independent security firms.
  • Automated vulnerability scanning of all external-facing services.
  • Security patches are applied promptly following vendor disclosure.
  • Responsible disclosure: if you discover a security vulnerability, please report it to our security team. Do not exploit or publicly disclose vulnerabilities.

7. Player Responsibilities

  • Keep your login credentials confidential โ€” never share your password.
  • Enable two-factor authentication (2FA) for enhanced security.
  • Use a strong, unique password that you do not use on other sites.
  • Log out of your account when using shared or public devices.
  • Report any suspicious activity on your account to support immediately.