Security & Data Privacy

BetaHub is built with security and privacy at its core. This page outlines our security measures, infrastructure, and data protection practices.

Infrastructure Security

Hosting Environment

  • Provider: Amazon Web Services (AWS)
  • Primary Region: EU-West-3 (Paris, France)
  • Architecture:
    • AWS Elastic Beanstalk with EC2 instances
    • PostgreSQL on RDS with Multi-AZ deployment
    • Elastic Load Balancer (ELB) with auto-scaling
    • Lambda functions for specific service endpoints
    • CloudFront CDN for content delivery

Network Security

  • DDoS Protection: AWS Shield Standard on CloudFront distributions and the ELB, plus WAF-layer filtering
  • Web Application Firewall: AWS WAF configured with custom rules to filter malicious traffic
  • Load Balancing: Application Load Balancer with health checks and automatic failover
  • Instance Lifecycle: EC2 instances automatically replaced regularly for security

Data Encryption

In Transit:

  • HTTPS only (no HTTP traffic allowed)
  • TLS 1.3 (with TLS 1.2 backward compatibility)
  • SSL certificates managed through AWS Certificate Manager

At Rest:

  • RDS database encryption enabled
  • S3 buckets encrypted with AWS managed keys (SSE-S3)
  • EBS volumes encrypted by default
  • All backups encrypted

Access Control & Authentication

Customer Access

  • Authentication Methods: GitHub OAuth, Discord OAuth, username/password
  • Session Management: Secure session tokens with automatic expiration, HTTP-only secure cookies
  • CSRF Protection: On all state-changing operations

Internal Access Controls

  • Production Access: Limited to authorized personnel only
  • Access Management: IAM roles with least privilege principle, separate development and production environments
  • Access Reviews: Quarterly review of all access permissions
  • Access Revocation: Same-day removal following documented checklist

Data Protection & Privacy

Data Collection

Via Discord:

  • Discord usernames and IDs
  • Original messages (for context)
  • Message links

Via Game Plugins:

  • Only data explicitly sent by the game developer
  • Typically includes: player IDs, hardware specifications, game logs
  • No sensitive personal data (health, race, religion, sexual orientation, etc.)

Data Usage

  • Data used solely for feedback management purposes
  • No marketing or third-party sharing
  • No profiling or automated decision-making
  • AI categorization performed using AWS Bedrock (data remains within AWS infrastructure)

Data Retention & Deletion

  • Feedback Reports: Retained indefinitely by default; organizations can configure their own data retention period
  • Personal Data: Users can request PII removal at any time, processed within 30 days
  • Backups: Regular automated snapshots with defined retention period
  • Data Portability: Users can export all their data from their profile

User Rights

  • View your own personal data by authenticating
  • Download your data (GDPR data portability)
  • Request deletion of your PII
  • Public visibility of reports is configurable per project

GDPR Compliance

  • Privacy-first approach with minimal data collection
  • Data processing strictly limited to stated purposes
  • All data stored within EU (France)
  • User rights fully implemented (access, rectification, erasure, portability)
  • Privacy Policy: betahub.io/privacy

Security Operations

Monitoring & Logging

  • Application Monitoring: AWS CloudWatch with custom metrics and dashboards
  • Security Monitoring: Tracking of failed login attempts and detection of unusual API usage patterns
  • Uptime Target: 99.5% with continuous tracking

Vulnerability Management

  • Dependency Scanning: Snyk and GitHub Dependabot for continuous vulnerability scanning
  • Update Policy: Security patches applied immediately upon alert
  • Infrastructure Updates: Automatic OS patching through AWS Elastic Beanstalk
  • Instance Rotation: EC2 instances automatically replaced regularly

Incident Response

  • Incidents triaged and prioritized by severity
  • Critical issues addressed immediately
  • Incident commander assigned from core team
  • Customer notification within 72 hours per GDPR requirements
  • Post-incident review and documentation

Backup & Disaster Recovery

  • Backup Frequency: Daily automated snapshots
  • Multi-AZ Deployment: Automatic failover for database high availability
  • Tested recovery procedures in place

Compliance & Certifications

Current Compliance

  • GDPR compliant operations
  • EU data residency requirements met
  • Privacy by design principles implemented

Planned Certifications

  • ISO 27001 (Target: 2026)

Service Level Agreements

Uptime Commitment

  • Target: 99.5% availability
  • Monitoring: Continuous through AWS CloudWatch

Security Incident Communication

  • GDPR breach notification within 72 hours to authorities
  • Customer notification as soon as impact assessed
  • Full disclosure of impact and remediation steps

Contact

General Security Inquiries:

  • Email: security@betahub.io
  • Response time: Within 24 business hours

Data Protection Officer:

  • Piotr Korzuszek, CEO
  • Company: Upsoft
