Playbasis

Security & Compliance

Keeping player data safe is core to the platform. Security controls are applied consistently across API, Builder, Admin, and the Developer Portal.

Authentication

  • API keys are scoped per environment, and every request carries an HMAC signature.
  • Admin & Builder use Azure AD SSO with conditional access policies.
  • Webhooks include a signed header (x-playbasis-signature) verified with shared secrets.

Data isolation

  • Tenants are isolated at the database and storage layer.
  • Builder sessions inherit tenant context, preventing cross-account data leakage.
  • Evals mirror production data with anonymized identifiers.

Observability

  • API calls, Builder exports, and Admin actions are logged with correlation IDs.
  • Logs stream into Azure Monitor with 30-day retention and anomaly detection.
  • Status lights on the marketing site and dashboards pull from the same health endpoints.

Compliance roadmap

  • SOC 2 Type II controls mapped and tracked in the infra repo.
  • GDPR and residency supported via Azure multi-region deployments.
  • Export-controlled data is redacted before leaving tenant boundaries.

Responsible AI

  • Prompt inputs and outputs are scanned for unsafe content before they leave Builder.
  • Model choices and versions are recorded per session for auditability.
  • Human-in-the-loop approvals can be enforced via Admin policies.

Report an issue

Email helloplaybasis@gmail.com with any security findings. For urgent incidents, include your contact details and we will respond promptly.