Focus of Security Program
Internal Information Security Program

We are dedicated to increasing security and reducing risk within 3Fun's digital environment. Using the least privilege paradigm, we proactively create secure access protocols and network architecture to enable systematic control of internal access to 3Fun's facilities, systems, and resources. The use of two-factor authentication (2FA) is required internally at 3Fun.

Application / Infrastructure Security

Security is developed and incorporated at all levels of our development lifecycle to help create better, safer products and to ensure secure design and engineering principles. Our internal teams perform rigorous security design evaluations and assessments on our applications and systems, including new features, code, and configuration modifications. Additionally, many of these applications and systems go through routine independent and rigorous pen tests via renowned third-party security experts.

Governance, Risk, and Compliance

At 3Fun, security awareness starts on day one and continues throughout the company. Every new employee receives security and privacy training the moment they start as well as on an annual basis. At 3Fun, security is everyone’s responsibility. To secure our systems and user data, physical, operational, and technical controls have been implemented and enforced, and we have also enforced security policies and procedure. In addition to performing extensive and rigorous internal security risk assessments, we also perform in-depth reviews of the security posture of our third-party vendors.

Red Team / Offensive Security

Our internal Red Team identifies previously unknown security vulnerabilities in current systems and workflows through offensive security testing. This team simulates real-world attacks on all aspects of the company and prioritizes improving security posture to address areas of greatest risk. Our aim is to gain insight into potential exposures, and to continuously test to decrease the likelihood of a breach.

Monitoring and Threat Management

We continuously log and monitor all access to our infrastructure and systems. 3Fun's security monitoring, investigation, threat hunting, and response program ensures that we are alerted to security incidents and that they are appropriately investigated, triaged, and remedied.

Confidentiality

Whether after or before participating in the Bug Bounty Program, notably as a result of you finding and/or investigating a security bug in our in-scope applications or infrastructure, you must keep any information you receive, collect or otherwise obtain about us, our services, our affiliates or any of our members, employees or agents in connection with our Bug Bounty Program (“Confidential Information”) confidential. It can only be used in connection with the Bug Bounty Program and cannot be disclosed to any third party. You may not use, disclose or distribute any such Confidential Information, including without limitation any information concerning your participation in our Bug Bounty Program and any Submission.

By participating in our Bug Bounty Program, you represent and warrant that you haven't used and won't use confidential information for anything other the program's purposes, and that you haven't shared or will not share it with any third parties.
By participating in our Bug Bounty Program, you represent and warrant that you have not used and will not use Confidential Information for any purpose other than in connection with the Bug Bounty Program and that you have not shared and will not share such Confidential Information with any third party.

Once a Submission is made, 3Fun reserves the right to request from you, and you already accept to abide by this request, to securely and irreversibly delete any data associated with such Submission, including, without limitation, any data about us, our services, our affiliates or any of our users, employees or agents. Additionally, you agree to securely and irreversibly delete any data associated with the Submission immediately upon it no longer being reasonably necessary to retain for the purposes of conveying the impact or scope of the reported issue, after verifying with 3Fun that it is no longer necessary, and/or if the Submission is closed, regardless of outcome.