Data Protection

We take comprehensive measures to protect your personal and financial data:

• All sensitive data is encrypted in transit and at rest
• Database access is restricted and monitored
• No passwords stored — passwordless architecture eliminates password breach risk entirely
• Session tokens are securely managed with automatic expiration

Payment Security

Your financial transactions are protected at every step:

• Payments processed through a PCI-compliant payment gateway
• Webhook signatures verified with HMAC-SHA256 to prevent tampering
• Idempotent deposit processing prevents double-crediting
• Wallet transactions use database-level locking to prevent race conditions

Infrastructure Security

Our platform is built on secure, modern infrastructure:

• Content Security Policy (CSP) headers prevent cross-site scripting (XSS)
• Strict security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
• Rate limiting at application and infrastructure levels
• Regular security audits and dependency vulnerability scanning

Game Integrity

Our games are protected against manipulation and abuse:

• Provably fair algorithms using SHA-256 and HMAC-SHA256 cryptographic hashing
• Server seeds committed before gameplay — outcomes cannot be altered retroactively
• Risk management controls: daily win caps, dynamic max bets, payout limits
• All game outcomes are independently verifiable on our Provably Fair page

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@onxtra.com. We take all reports seriously and will investigate promptly. We ask that you do not publicly disclose vulnerabilities until we have had an opportunity to address them.