Security Information

Last updated: 14 August 2025

Our security practices comply with Australian Government Information Security Manual (ISM) and industry best practices.

1. Data Encryption & Transmission Security

We implement bank-grade security measures to protect your information:

• TLS 1.3 Encryption: All data transmitted between your device and our servers
• Perfect Forward Secrecy: Each session uses unique encryption keys
• HSTS Implementation: Enforced secure connections for all communications
• Certificate Pinning: Additional protection against man-in-the-middle attacks

2. Infrastructure Security

Our infrastructure meets Australian Government security standards:

• Australian Data Centres: Primary servers located in Australia with 24/7 physical security
• Access Controls: Multi-factor authentication and role-based access to all systems
• Network Segmentation: Isolated environments for different system components
• Redundancy: Multiple backup systems and disaster recovery procedures
• Monitoring: 24/7 security monitoring and intrusion detection systems

3. Data Storage Security

Your personal information is protected through multiple security layers:

• Encryption at Rest: AES-256 encryption for all stored data
• Database Security: Encrypted databases with restricted access
• Key Management: Hardware security modules for encryption key protection
• Backup Security: Encrypted, geographically distributed backups
• Data Minimisation: We only store necessary information

4. Account Security

Protect your account with these security practices:

• Strong Passwords: Use unique passwords with 12+ characters, including letters, numbers, and symbols
• Two-Factor Authentication: Enable 2FA when available for extra protection
• Secure Devices: Only access your account from trusted devices
• Regular Reviews: Check your account activity regularly
• Logout: Always log out from shared or public devices

5. Payment Security

Although we're a social casino, if payment processing is involved:

• PCI DSS Compliance: Payment Card Industry Data Security Standards
• Tokenisation: Credit card numbers are never stored directly
• Trusted Processors: Only reputable, certified payment processors
• Fraud Detection: Advanced algorithms to detect suspicious activity

6. Privacy & Security by Design

Security is built into every aspect of our service:

• Privacy by Design: Data protection considered in all system design
• Minimal Data Collection: We collect only necessary information
• Regular Audits: Independent security assessments and penetration testing
• Staff Training: Regular cybersecurity training for all employees
• Incident Response: Comprehensive breach response and notification procedures

7. Compliance & Certifications

Our security practices meet or exceed:

• Australian Privacy Act 1988: Full compliance with privacy requirements
• Notifiable Data Breaches Scheme: Rapid response and notification procedures
• Australian Government ISM: Information Security Manual guidelines
• ISO 27001 Principles: International security management standards
• SOC 2 Type II: Service Organization Control compliance

8. Threat Protection

We actively protect against modern cybersecurity threats:

• DDoS Protection: Advanced protection against distributed denial-of-service attacks
• Web Application Firewall: Real-time protection against web-based attacks
• Malware Protection: Advanced threat detection and prevention
• Vulnerability Management: Regular security scans and prompt patching
• Fraud Prevention: Machine learning algorithms to detect suspicious patterns

9. Age Verification Security

Given Australian legal requirements for age verification:

• Secure Verification: Encrypted transmission of verification documents
• Data Minimisation: Verification data deleted after confirmation
• Third-Party Services: Only certified, compliant verification providers
• Audit Trail: Secure logging of all verification activities

10. Incident Response

In the event of a security incident:

• Immediate Response: 24/7 incident response team activation
• Containment: Rapid isolation and mitigation of threats
• Investigation: Forensic analysis to determine impact and cause
• Notification: Timely notification to authorities and affected users as required
• Recovery: Systematic restoration of secure services

11. User Security Responsibilities

Help us keep your account secure by:

• Using strong, unique passwords
• Keeping your device software updated
• Not sharing account credentials
• Reporting suspicious activity immediately
• Using secure internet connections (avoid public Wi-Fi for sensitive activities)

12. Reporting Security Issues

If you discover a security vulnerability or suspicious activity:

• Security Team: security@outbackfortune.com
• General Support: support@outbackfortune.com

We follow responsible disclosure practices and may offer recognition for valid security reports.

13. Regular Security Updates

We continuously improve our security through:

• Monthly security patches and updates
• Quarterly security assessments
• Annual penetration testing
• Ongoing staff security training
• Industry security standard monitoring

14. Transparency & Communication

We believe in security transparency and will:

• Promptly communicate any security incidents
• Provide regular security updates to users
• Publish annual security and transparency reports
• Maintain open dialogue with the cybersecurity community