Security

Operator data is mathematically isolated.

Multi-tenancy without leakage is not a feature you market — it is a property you prove.

Tenant isolation

Every row in every table — players, bets, deposits, withdrawals, sessions, audit logs — carries an indexed tenant_id. PostgreSQL row-level security (RLS) policies enforce that a query made on behalf of operator A cannot return rows from operator B, full stop. Application-level code cannot bypass RLS — even a buggy query simply returns nothing for the wrong tenant. The policies are tested on every CI run with a 1,200-case fixture that asserts cross-tenant invisibility.

Encryption

  • At rest: AES-256 on disk, with per-tenant data-encryption keys wrapped by an HSM-managed key.
  • In transit: TLS 1.3 minimum on every API and webhook. HSTS with 1-year max-age and preload.
  • Secrets: Bot tokens, payment-rail API keys, and KYC vendor keys live in a managed KMS, never in environment files.

Auth & access

The operator console requires SSO (Google / Microsoft / Telegram-OAuth) or password + TOTP. Access is governed by role-based access control with four built-in roles (Owner / Operator / Agent / Auditor) and the ability to define custom roles. Every privileged action writes an immutable audit-log entry visible to the operator and to GeezSoft platform staff.

Anti-fraud & risk

Engine-level rules detect: collusion patterns (two players passing chips), bonus abuse (multi-account farming), provably-unlikely streaks, payment-rail testing (small repeated deposits/withdrawals), and IP/device fingerprint clustering. Every alert surfaces in the operator console; thresholds are operator-tunable.

Game integrity

All RNG-driven games (Slots, Crash, Aviator, Dice) are provably fair: the per-round seed and nonce are committed before the round and revealed after, allowing players (and regulators) to verify any historical round independently. Independent RNG audit by a recognised testing lab is on the Q3 2026 roadmap.
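
An added example, not GeezSoft's code: how a player or regulator could check a revealed round against its earlier commitment. The page does not publish the scheme, so the SHA-256 commitment over `seed:nonce`, the HMAC-SHA256 outcome derivation, the 100-sided result and all function names are assumptions.

```python
import hashlib
import hmac

# Assumed scheme (not published on this page): commitment = SHA-256(seed ":" nonce),
# outcome = HMAC-SHA256(seed, nonce ":" counter) reduced without modulo bias.

def commit(seed: bytes, nonce: int) -> str:
    """Value the operator publishes before the round starts."""
    return hashlib.sha256(seed + b":" + str(nonce).encode()).hexdigest()

def roll(seed: bytes, nonce: int, sides: int = 100) -> int:
    """Derive a result in [0, sides) from the seed and nonce."""
    limit = (2**32 // sides) * sides  # reject draws >= limit to avoid modulo bias
    counter = 0
    while True:
        digest = hmac.new(seed, f"{nonce}:{counter}".encode(), hashlib.sha256).digest()
        for i in range(0, len(digest), 4):
            value = int.from_bytes(digest[i:i + 4], "big")
            if value < limit:
                return value % sides
        counter += 1  # all eight 32-bit words rejected: hash again

def verify_round(commitment: str, seed: bytes, nonce: int, claimed: int, sides: int = 100) -> str:
    """Check a revealed round against what was committed and what was paid out."""
    if not hmac.compare_digest(commit(seed, nonce), commitment.lower()):
        return "commitment-mismatch"   # revealed seed/nonce is not what was committed
    if roll(seed, nonce, sides) != claimed:
        return "outcome-mismatch"      # seed is genuine but the recorded result is not
    return "ok"

# Constructed sample round (not real platform data).
SEED = bytes.fromhex("5f" * 32)
NONCE = 7
COMMITMENT = commit(SEED, NONCE)
OUTCOME = roll(SEED, NONCE)

if __name__ == "__main__":
    print(verify_round(COMMITMENT, SEED, NONCE, OUTCOME))
    print(verify_round(COMMITMENT, SEED, NONCE + 1, OUTCOME))
    print(verify_round(COMMITMENT, SEED, NONCE, (OUTCOME + 1) % 100))
```

The verifier only proves anything if the commitment was recorded by the checking party before the round, for example from a signed or timestamped publication.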

Infrastructure

  • Primary region: Frankfurt (low-latency to East Africa). Failover region: Amsterdam.
  • Database: managed PostgreSQL with hot standbys and continuous PITR backup (30-day retention).
  • Engine: stateless containers behind autoscaling load balancers.
  • DDoS: protected at the edge via Cloudflare.

Roadmap

  • SOC 2 Type II — kickoff Q3 2026, expected report Q1 2027.
  • ISO 27001 — to follow SOC 2.
  • Independent RNG certification — Q3 2026.
  • Public bug bounty — Q4 2026 (currently a private programme — reach out below).

Reporting a vulnerability

If you believe you have found a security issue, please email security@geezsoft.org directly. We acknowledge within 24 hours and aim to triage within 72. Please give us 90 days before public disclosure.