Enterprise-grade protection, continuous auditing, and full regulatory compliance. Your data is safe with us.
Our platform is continuously scanned by industry-standard security tools. These grades are publicly verifiable — scan us yourself.
TLS 1.3 encryption verified. Certificate chain, cipher suites, and protocol security all pass with the highest possible grade.
Perfect score — 10 of 10 security tests passed with bonus points. Validated by Mozilla's scanning infrastructure.
All protective HTTP response headers present and correctly configured, including CSP, HSTS, X-Frame-Options, and Referrer-Policy.
Black Crown runs entirely on SOC 2 certified infrastructure. Every layer of our stack — networking, compute, database, and deployment — is hosted by independently audited providers. All data is encrypted in transit (TLS 1.3) and at rest, with no credentials stored in plaintext or source code.
Industry-standard password hashing, short-lived sessions, multi-factor authentication, and compromised credential detection.
Role-based permissions with strict tenant isolation. Every query is scoped to the authorized organization. Deactivated accounts are blocked immediately.
All user input is validated and sanitized before processing. Queries are parameterized to prevent injection attacks. Output is sanitized to prevent cross-site scripting.
Adaptive rate limiting on all authentication endpoints. Automated lockout on repeated failures. Abuse detection at every entry point.
Comprehensive protective HTTP headers on every response, including content security policies, framing protection, and transport security enforcement.
All point transactions, redemptions, and rewards use atomic database operations — ensuring consistency even under concurrent load.
Explicit opt-in consent. Immutable audit trail. Send windows enforced (8am-9pm CT). Instant opt-out. "Reply STOP" on every message.
Illinois Gaming Board standards met. Points-only game rewards (no cash prizes). Responsible gaming helpline on all screens.
Physical address in email footer. One-click unsubscribe. Opt-out honored within 10 business days.
Security audits are conducted before every major release. Detailed audit reports are available to partners under NDA.
We welcome responsible security research. If you discover a vulnerability, please contact us directly.
We acknowledge receipt within 48 hours and provide a remediation timeline. We do not pursue legal action against good-faith security researchers.