SECURITY
Protection for you and your playersGet peace of mind from security practices tailored exclusively for the games industry. 
Your safety is a top priority for us.
You trust us with your business and we don't take that lightly. We're committed to helping your game succeed and maintain complete transparency in our security program so you can make informed decisions and use our services confidently.
SECURITY
At Xsolla, security has two main goals: to safeguard the information your customers give you and that you entrust to us, and to ensure no one can create an account or complete a transaction using stolen data.
Multiple levels of protection for 360° defense
- Our systems have built-in fault tolerance, meaning all critical systems have redundancy to guard against single-point failures.
- Xsolla is SOC and PCI DSS certified, upholding secure industry standards for ecommerce transactions.
- We encrypt all sensitive data with Transport Layer Security (TLS) and Perfect Forward Secrecy (PFS).
- Distributed Denial of Service (DDoS) attack protection is active on our data servers.
Robust and scalable infrastructure architecture
- Xsolla systems have 99.95%+ uptime, with a global monitoring system.
- Our team is on-call 24/7, including weekends and holidays, with an escalation system to make sure the right people are connected and can quickly resolve issues.
- We perform multiple daily backups of all internal and external systems and services, with 30-day retention, for guaranteed data loss prevention.
- Our disaster recovery plan includes a backup standby data center in case the primary site has a major failure.
Industry-leading fraud prevention system
- Xsolla designed specialized technology for the games industry to prevent chargebacks, scammer fraud, and game key theft.
- Our proprietary machine-learning algorithm, encompassing over a decade of game and transaction data, filters out fraudulent traffic from approved transactions and enables cross-game blacklisting to defeat serial fraudsters.
- Our prevention parameters are configurable for different business models and game genres, allowing for region-specific limits and custom analyses of game-related data, like player registration dates, hours played, and in-game behavior.
- Each transaction undergoes multiple verification steps to prevent fraud no matter the payment method (bank cards, digital wallets, bank transfers, mobile payments, prepaid cards, cash, and more), including 3D Secure and a manual review of suspicious transactions.
PRIVACY
We continually work to find new ways to keep your data safe and deliver a trustworthy and secure experience for you and your customers.
We protect your personal information
- Xsolla 100% complies with industry regulatory standards, including EU General Data Protection Regulation (GDPR).
- We require all third parties with access to personal data (for purposes of providing services such as web hosting, order fulfillment, and data analysis and reporting) to process that information in compliance with our Privacy Policy. We authorize only limited use of such information and require these parties to use reasonable confidentiality measures.
Your private data belongs to you
- We collect the minimum data necessary for fulfillment and processing purposes; our use of that data is limited, used exclusively for purposes defined in our Privacy Policy.
- We store personally identifiable data for the minimum time necessary for fulfillment and processing purposes.
- You may decline to share personally identifiable data with Xsolla, withdraw your consent to process personal data, or request the withdrawal of information; in some cases, this will affect our ability to deliver certain features and functionality.
- We immediately remove or correct inaccurate personal data at your request. You may instruct Xsolla to remove your previously submitted personal data, and we will do it immediately if we no longer need such data for processing purposes.
- You may review and opt out of receiving personalized ads and sharing your information with third parties for direct marketing purposes at any time by visiting http://optout.aboutads.info.
COMPLIANCE
We regularly collaborate with partners and authorities worldwide to ensure our products and services are safe and meet or exceed industry and global standards for compliance, security, and privacy.
We follow global, local, and industry-specific laws and regulations
- As a Seller and Merchant of Record, Xsolla assumes liability for chargebacks or fraud, including all legal and financial responsibility and repercussions.
- We comply with several industry standards for payment processing, such as Visa's Third Party Agent Registration Program and Payment Card Industry Data Security Standard (PCI DSS) v3.2 Level 1, which means Xsolla meets the key security standards within the payments industry.
- We adhere to SSAE16 SOC-1 Type II and ISO 27001 standards via private servers colocated at Equinix, a certified Tier 3 data center recognized as one of the most reliable in the world.
We implement strong internal security measures
- We use ITIL-based service operations processes to maintain efficient service delivery, including event management, incident management, problem management, request fulfillment, and knowledge management.
- We regularly audit and update our internal legal review process, verifying compliance requirements against our security measures.
- We employ dedicated security and privacy teams and train employees to uphold internal and external policies, practices, and regulations.
Meet our payment partners worldwide
Xsolla works with a vast network of professional, reputable, and broad-reaching service providers. We seek regional and local payment partners who meet or exceed the same high standards.
HAVE MORE QUESTIONS
ABOUT SECURITY AT XSOLLA?
Our team is here to answer them.