Security & Compliance

Last Updated: December 27, 2025

🔒 HIPAA Compliant 🛡️ SOC 2 Ready 🔐 AES-256 Encryption

BrainyGaming is committed to maintaining the highest standards of data security. We understand that we are entrusted with sensitive health and child data, and we utilize zero trust architecture to protect it.

1. Infrastructure Security

Our platform is hosted on Amazon Web Services (AWS), utilizing their industry-leading secure data centers. Our infrastructure includes:

  • Virtual Private Cloud (VPC): All servers are isolated within a private network.
  • Firewalls: Strict Web Application Firewalls (WAF) protect against common web attacks.
  • DDoS Protection: Automated mitigation of Distributed Denial of Service attacks.

2. Data Encryption

We use strong encryption protocols to ensure your data is unreadable to unauthorized parties.

  • Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security).
  • Data at Rest: All databases, backups, and file storage are encrypted using AES-256 (Advanced Encryption Standard).

3. Access Control

We operate on a "principle of least privilege":

  • Internal Access: Only authorized employees with a verified business need can access user data. Multi-Factor Authentication (MFA) is mandatory for all internal systems.
  • User Access: We support strong password policies and offer MFA for user accounts to prevent unauthorized access.

4. Compliance

4.1 HIPAA

BrainyGaming is designed to be fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). We have signed Business Associate Agreements (BAA) with all our sub-processors who handle PHI (Protected Health Information).

4.2 COPPA

We adhere to the Children's Online Privacy Protection Act. We do not collect unnecessary data from children and ensure parental consent is obtained.

5. Monitoring and Incident Response

Our security team utilizes automated systems to monitor for suspicious activity 24/7. In the unlikely event of a data breach, we have a rigorous Incident Response Plan to identify, contain, and notify affected users within stringent timelines required by law.

6. Responsible Disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability in BrainyGaming, please report it to us at security@brainygaming.com.

7. Contact Security Team

For any security-related inquiries or concerns:

  • Email: security@brainygaming.com