Last Updated: 21/11/2025
This Security Policy outlines the measures World Airsoft Games (“we”, “our”, or “us”) implements to protect the confidentiality, integrity, and availability of data stored and processed on our website, player portal, sponsor portal, and related systems (“Platform”).
The purpose of this policy is to define security controls that safeguard user, team, and sponsor information processed through our Platform, which is hosted on Microsoft Azure in the UAE.
This policy applies to:
• All users accessing the Platform
• All administrators, event staff, and authorized personnel
• All systems, databases, and services connected to the Platform
• All third-party integrations and cloud services
Our Platform is hosted on Microsoft Azure (UAE region), using:
• Azure App Service for secure application deployment
• Azure SQL Database for structured data
• Azure Blob Storage for files and uploads
• Azure CDN and WAF for global performance and threat protection
• Azure Application Insights for monitoring and anomaly detection
Azure provides built‑in physical, network, and operational security.
We protect data through:
• Encryption in transit (HTTPS/TLS 1.2+)
• Encryption at rest (Azure-managed keys)
• Secure authentication tokens
• Restricted access controls
• Daily platform and database backups
• Audit logs for critical system events
• Only authorized staff may access administrative systems.
• Role-based access controls (RBAC) are enforced.
• Multi-factor authentication (MFA) is required for admin-level access.
• Temporary access is revoked immediately after task completion.
The Platform implements:
• Input validation and sanitization
• Secure session handling
• Rate limiting and bot protection
• Firewall rules for inbound/outbound traffic
• Regular vulnerability assessments
• Continuous monitoring for abnormal activity
Users are responsible for:
• Maintaining strong, unique passwords
• Keeping account credentials confidential
• Reporting unauthorized access immediately
We enforce:
• Secure password policies
• Session timeouts
• Email verification for new accounts
We use trusted third-party vendors that meet industry security standards:
• Supabase (authentication, database functions)
• Mailgun/SendGrid (email delivery)
• Cloudflare (CDN & DDoS protection)
• Analytics providers (Google, Meta)
All third parties must comply with applicable data protection laws.
In the event of a security incident:
• Threats are identified, contained, and mitigated
• Impact is assessed and logged
• Affected users are notified when required
• Systems are restored from secure backups if necessary
• Root cause is evaluated and remediated
• Data is retained only as long as necessary for operations or legal compliance.
• Secure deletion procedures are followed for expired or unneeded records.
• Backups are monitored and encrypted.
Authorized personnel receive training on:
• Cybersecurity best practices
• Data protection obligations
• Safe handling of user and team information
• Incident reporting procedures
Users agree not to:
• Attempt unauthorized access
• Exploit vulnerabilities or errors
• Upload malicious content, scripts, or malware
• Tamper with platform functionality
Violations may result in account suspension or legal action.
We may update this Security Policy periodically. Updates will be posted on this page with the revised date.
World Airsoft Games – Administration
Email: command@worldairsoftgames.com