Security
Last updated: 2026-07-01
Keeping accounts and data safe is a priority. Here's an overview of how we approach security and how to report a problem.
How we protect data
- Authentication and identity are handled by a managed identity provider (AWS Cognito); we don't store your password.
- Traffic is served over HTTPS/TLS.
- Access to production systems is limited and logged.
- We collect the minimum data needed to run the game, and location is optional and approximate.
Reporting a vulnerability
If you believe you've found a security issue, please email security@pintheprice.example with details and steps to reproduce. Please give us reasonable time to fix issues before public disclosure, and don't access or modify other players' data.
Scope
Our apps (iOS, Android), the web app, and our public APIs are in scope. Denial-of-service testing and social engineering are not.
Thanks
We appreciate responsible disclosure and will credit reporters who want it.