Trust & Security

    ExperimentBets is built with security in mind. Here's how we protect your data.

    Encryption

    AES-256-GCM encryption for sensitive data, TLS for data in transit

    Secure Infrastructure

    Cloud-hosted with encrypted database connections

    Slack Authentication

    OAuth-based authentication through your Slack workspace

    Data Protection

    DPA available on request for enterprise customers

    Data Encryption

    We use industry-standard encryption to protect your sensitive data:

    • Data at Rest: Sensitive data, including API keys and OAuth tokens, is encrypted using AES-256-GCM, an authenticated encryption mode
    • Data in Transit: All communications use TLS encryption
    • Passwords: User passwords are hashed using bcrypt with salt

    Authentication

    ExperimentBets uses Slack OAuth for user authentication:

    • Slack OAuth: Users authenticate through Slack, leveraging your workspace's existing security controls
    • Session Security: Sessions use HTTP-only, secure cookies with configurable expiration
    • Role-Based Access: Admin and member roles with appropriate permission boundaries

    Note: If your Slack workspace uses SSO (SAML), your team members benefit from your identity provider's security when authenticating to ExperimentBets through Slack.

    Infrastructure

    • Database: PostgreSQL database with encrypted connections and regular backups
    • Hosting: Cloud-hosted application infrastructure
    • Availability: 99.9% uptime target for production services

    System Status

    We monitor our systems 24/7 and provide real-time status updates on our live status page.

    Data We Store

    What We Store

    • User profile information (name, email, Slack ID)
    • Betting activity and leaderboard data
    • Experiment metadata synced from your experimentation platform
    • Encrypted API credentials for platform integrations

    What We Don't Store

    • Slack message content outside of ExperimentBets interactions
    • Raw experiment data or user event data from your experimentation platform
    • Payment card details (handled by Stripe)

    Data Retention

    Data is retained for the duration of your subscription. Upon account deletion or cancellation, we delete associated data within 30 days.

    Third-Party Services

    We integrate with the following third-party services:

    Service      Purpose
    Slack        Authentication & Notifications
    Stripe       Payment Processing
    Neon         Database Hosting
    Amplitude    Experiment Data (Optional)
    Statsig      Experiment Data (Optional)

    Enterprise Customers

    For enterprise customers, we can provide:

    • Completion of security questionnaires
    • Data Processing Agreement (DPA)
    • Information about our security practices

    To discuss enterprise security requirements, contact us at security@experimentbets.com.

    Vulnerability Reporting

    If you discover a security issue, please report it to security@experimentbets.com. We take security reports seriously and will respond promptly.

    Questions?

    For security inquiries or to request documentation: