Skip to content
Gamivate
Legal

Security Overview

Last updated: July 2026

Security is built into Gamivate from the database up. Here’s a summary of how we protect your data and your customers’.

Tenant isolation

Every brand’s data is isolated at the database layer with row-level security, enforced on every query — not just in application code. One brand can never see another’s players.

Data protection

  • Encryption in transit (TLS) and at rest.
  • IP addresses are hashed; we practise data minimization.
  • Secrets are managed outside the codebase and rotated.

Consent & auditability

Player consent is captured explicitly and stored in an append-only audit trail. Sensitive actions across the platform are logged.

Game & embed isolation

Games run in sandboxed iframes from an isolated origin, so game code can never access platform cookies or data. Scores are validated server-side to prevent tampering.

Responsible disclosure

Found a vulnerability? Please report it via our contact page and we’ll respond promptly.