Skip to content Skip to footer

Modo/ARB Interactive Security Overview

As innovative social gaming experience creators, we put security at the center of everything we do.

We enforce a comprehensive set of security policies, standards and guidelines which include but are not limited to:
– Disaster Recovery Plan
– Acceptable Use
– Terms of Use
– Privacy Policy
– Data Breach Response
– Social Engineering Awareness Policy
– Risk Management Policy
– Incident Response Plan

All employees undergo a security awareness training and comprehensive background screening which includes a criminal record check. Additionally, all employees are required to sign a confidentiality agreement if they gain access to confidential information. Depending on the role, additional training on specific aspects of security is required. In the event that an employee, consultant, or contractor’s relationship with the company is terminated, all property in the custody of that individual is returned and all computer and work-related privileges of the individual are revoked.

All of our systems are monitored 24/7 by dedicated security personnel, incidents are responded to immediately and threats are identified proactively.

All third party vendors and solutions processing our data are comprehensively evaluated, risks are identified and a remediation plan is defined and followed through.

We host all our data on secure dedicated AWS cloud environment which complies with PCI-DSS, SOC 2, ISO 27001 among other security and privacy certifications.

We follow the rules and guidelines of various privacy regulations such as GDPR and CCPA. Please refer to our privacy policy for more information.

All data is encrypted at-rest using FIPS-compliant AES-256-GCM protocol and encrypted in-transit TLS 1.2 and 1.3
Codebase Segmentation – Separation of environments into dev, staging, production
AWS Security – No publicly exposed S3 buckets, CloudTrail alerts, GuardDuty, Cloud Security Posture Management
Vulnerability Scanning – Weekly Qualys scans of the perimeter, vulnerability remediation, hardcoded plaintext secrets detection
Email System Protection – Phishing reporting functionality, alert response by security personnel
Authentication and Authorization – MFA enforced on email system and VPN, VPN required for administrator access, Failed Login Attempts alert and response, Role-Based Access Control on the database
Endpoint Protection – MDM and Security Configuration Profile implemented on employee computers
Security Awareness Training – All employees have been sent a mandatory security awareness training covering the most common threats to ARB Gaming such as social engineering, phishing, MFA exhaustion attacks