Security & Trust
Your data is protected with enterprise-grade security
How We Protect Your Data
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your passwords are hashed using bcrypt with unique salts.
Secure Infrastructure
Hosted on AWS in Australian data centers with 24/7 monitoring, DDoS protection, and automated backups.
Access Controls
Role-based permissions, two-factor authentication (2FA) for administrators, and strict internal access policies.
Compliance
We comply with the Australian Privacy Principles (APPs), GDPR, and industry best practices for data protection.
Regular Audits
Third-party security audits, vulnerability scanning, and penetration testing on a regular schedule.
Data Backups
Automated daily backups with 30-day retention. Point-in-time recovery available for Enterprise plans.
Your Responsibilities
Security is a shared responsibility. Here's what you can do to keep your account safe:
- Use a strong, unique password (at least 12 characters with letters, numbers, and symbols)
- Enable two-factor authentication (2FA) on your account
- Never share your password or login credentials
- Log out from shared or public devices
- Review your account activity regularly
- Report suspicious activity to our support team immediately
Incident Response
In the unlikely event of a security incident, we have a documented incident response plan:
- Immediate containment: Isolate affected systems and prevent further unauthorized access.
- Investigation: Determine the scope, cause, and impact of the incident.
- Notification: Inform affected users within 72 hours (as required by law).
- Remediation: Fix vulnerabilities and restore normal operations.
- Post-incident review: Analyze the incident and update security measures to prevent recurrence.
Reporting a Vulnerability
We take security seriously and welcome responsible disclosure of vulnerabilities. If you discover a security issue, please email security@mypokertourney.com.au with:
- A detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity
- Your contact information (optional, for follow-up)
We will acknowledge your report within 48 hours and work with you to resolve the issue. We do not currently offer a bug bounty program, but we recognize and thank security researchers in our Hall of Fame (with your permission).