Security Policy

Last updated: 2025.09.12
Operator: Winforliving, operated by Balogh Ferenc (Sole Proprietor), Hungary

Overview

At Winforliving, we treat security as a top priority. Our mission is to provide a professional poker strategy platform while protecting the confidentiality, integrity, and availability of user data.

We apply industry-standard controls across authentication, data storage, and payments.

Data Protection

  • Encryption in transit: All communication is protected by TLS/HTTPS.
  • Payments: Handled by Stripe, which is PCI-DSS compliant. We never store card details.
  • Data storage: User data is stored in Supabase (PostgreSQL) with Row Level Security (RLS), ensuring each user can only access their own data.
  • Caching & Hosting: We use Upstash Redis for secure caching, Vercel for hosting, and AWS S3 for file storage.
  • Secrets: All API keys and secrets are stored in environment variables with restricted access.

Access & Monitoring

  • We follow the principle of least privilege for system access.
  • Download logs include IP, user agent, and timestamps for accountability.
  • We monitor performance and errors through Vercel Analytics and logging systems.

Compliance

GDPR

As an EU-based operator, we comply with GDPR. Users can request access, correction, or deletion of their personal data at any time by contacting us.

PCI-DSS

All payment transactions are securely processed by Stripe, which is PCI-DSS Level 1 certified.

Responsible Disclosure

We encourage security researchers to responsibly report any potential vulnerabilities.

  • Please do not publicly disclose issues before we have addressed them.
  • Send reports to: winforliving@gmail.com
  • Include a description, reproduction steps, and affected environments.
  • While we currently do not offer a bug bounty, we greatly appreciate contributions from the security community.

Legal & Privacy

For more details, please see our: