This Encryption Policy explains how W.E Play protects your data using industry-standard encryption practices across all layers of our platform. We are committed to keeping your personal information, financial data, and communications secure.
1. Overview
W.E Play uses encryption to protect data at every stage: when it travels between your device and our servers (in transit), when it is stored on our servers (at rest), and when sensitive credentials are managed within our infrastructure. Our platform is hosted on Replit, which runs on Google Cloud Platform (GCP) data centers certified for ISO 27001 and SOC 2 Type 2 compliance.
2. Data in Transit
All communication between your browser or device and W.E Play servers is encrypted using modern transport security protocols.
- TLS 1.2+: All HTTP traffic is served exclusively over HTTPS using TLS 1.2 or higher. This prevents anyone from intercepting or reading the data as it travels across the internet.
- Automatic HTTPS: Our hosting platform (Replit) enforces HTTPS on all connections. HTTP requests are automatically redirected to HTTPS, so your connection is always encrypted.
- WebSocket Security: Real-time features such as messaging and video chat use encrypted WebSocket connections (WSS) to protect your conversations in transit.
- Third-Party API Calls: All communication between our servers and external services (Firebase, payment processors, content APIs) uses encrypted HTTPS connections.
3. Data at Rest
Your data is encrypted when stored on our servers and databases. We rely on multiple layers of encryption at rest provided by our infrastructure.
3.1 Database Encryption
- AES-256 Encryption: Our PostgreSQL database is hosted on Replit's infrastructure, backed by Google Cloud. All data stored in the database, including your account information, coin balances, messages, and game scores, is encrypted at rest using AES-256 server-side encryption.
- Automatic Key Management: Encryption keys are managed by Google Cloud's Key Management Service (KMS), which handles automatic key rotation and secure key storage. We never handle raw encryption keys directly.
- Firebase/Firestore: Data stored in Firebase Realtime Database and Firestore is encrypted at rest using AES-256 encryption, managed by Google's infrastructure.
3.2 File and Media Storage
- Uploaded content such as profile pictures and media files is stored on encrypted storage volumes.
- All storage uses server-side encryption, meaning your files are encrypted automatically without any action required from you.
4. Secrets and Credential Management
Sensitive configuration values like API keys, authentication tokens, and service credentials are handled with additional security measures.
- Replit Secrets Manager: All sensitive credentials (API keys, database passwords, authentication secrets) are stored using Replit's built-in Secrets tool, which encrypts values using AES-256 encryption at rest and transmits them over TLS-encrypted channels.
- Environment Isolation: Secrets are injected into the application environment at runtime and are never written to source code, log files, or version control.
- Access Controls: Only authorized server-side processes can access secrets. They are never exposed to client-side code or browser requests.
5. Password Security
- Hashing: User passwords are never stored in plain text. They are hashed using Werkzeug's secure password hashing (PBKDF2 with SHA-256 and random salt), which is a one-way process. Even we cannot read your password.
- Social Login: If you sign in with Google, Apple, or Facebook, authentication is handled directly by those providers using their own encryption and security standards. We never receive or store your social account password.
- Session Tokens: Login sessions use cryptographically signed session cookies to verify your identity without transmitting your credentials on each request.
6. Infrastructure Security
Our hosting platform provides enterprise-grade security at the infrastructure level.
- Google Cloud Platform: All data is hosted in GCP data centers in the United States, certified for ISO 27001 and SOC 2 Type 2 compliance.
- Private Network: All data-processing components operate within Replit's private network, protected by load balancing and Web Application Firewall (WAF) protection.
- Vendor Security: Replit conducts rigorous vendor security assessments for all third-party services in the data pipeline.
- SOC 2 Type 2: Replit has achieved SOC 2 Type 2 Attestation of Compliance, demonstrating ongoing commitment to security, availability, and confidentiality.
7. Payment Data Security
- W.E Play does not directly process credit card or bank account information. Payouts are handled through third-party payment providers (PayPal, Cash App, Apple Pay, Venmo).
- Your payout account identifiers (e.g., PayPal email or Cash App tag) are stored in our encrypted database and transmitted only over encrypted connections when processing payouts.
- Financial transaction records are protected with the same AES-256 encryption at rest that covers all database content.
8. Video Chat and Messaging Encryption
- Signaling: Video chat signaling data (used to establish peer-to-peer connections) is transmitted over encrypted WebSocket connections.
- WebRTC: Video and audio streams in peer-to-peer video chat use WebRTC, which encrypts all media streams by default using DTLS-SRTP encryption.
- Messages: Text messages between users are encrypted in transit (TLS) and stored encrypted at rest (AES-256) in our database.
9. Security Scanning and Monitoring
- Security Scanner: We use automated security and privacy scanning to identify and fix vulnerabilities, including dependency vulnerabilities and static analysis issues, before deployment.
- Regular Audits: Our infrastructure undergoes regular security assessments to ensure encryption standards remain current.
- Incident Response: We maintain incident response procedures to address any potential security events promptly.
10. Your Role in Keeping Data Secure
While we implement strong encryption across our platform, you also play an important role in protecting your account:
- Use a strong, unique password for your W.E Play account
- Do not share your login credentials with anyone
- Log out of your account on shared or public devices
- Keep your device software and browser up to date
- Be cautious of phishing attempts and only access W.E Play through our official website
11. Changes to This Policy
We may update this Encryption Policy as we adopt new security technologies or as our infrastructure evolves. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about our encryption practices or data security, please contact us: