Security

Last updated: 8 July 2026

This page provides a high-level overview of how Proy Interactive Labs Ltd approaches security for Umati. It is intended as a practical summary for users, partners, and security researchers. It does not describe every control in our environment, and we may change our security measures over time as the Service evolves.

1. Scope

Umati is a browser-based, real-time multiplayer game platform. Our security work is focused on protecting account access, securing game sessions, limiting abuse, and reducing the risk of unauthorized access to user data and service infrastructure.

2. Account and access security

  • Users can access Umati using email and password, magic-link sign-in, or supported third-party identity providers such as Google and Discord.
  • Passwords are not stored in plain text. They are stored in hashed form through our authentication system.
  • We maintain server-side session records that may include metadata such as IP address and user agent to support authentication, account security, and abuse detection.
  • When a user joins a lobby without completing full account registration, the Service may create a temporary anonymous account or session so gameplay can function reliably.

3. Data handling and transport

  • We use encryption in transit to protect data exchanged between browsers and the Service.
  • User and gameplay data are stored in server-side systems needed to operate accounts, lobbies, scores, achievements, and related features.
  • We limit internal access to production data to what is reasonably necessary to operate, maintain, and secure the Service.

4. Third-party providers

We rely on third-party providers for parts of our infrastructure and operations, including hosting, authentication-related email delivery, analytics, and performance monitoring. These providers may process data on our behalf as part of delivering the Service.

Using third-party providers does not eliminate security risk, but we choose them to support the operation and security of the Service and seek to configure them appropriately for our use case.

5. Monitoring and abuse prevention

We use logging, session metadata, and application-level controls to investigate suspicious activity, protect account access, and reduce abuse such as cheating, spam, and service disruption.

6. Incident response

If we become aware of a security incident affecting personal data, we will investigate it and take appropriate containment and remediation steps. Where required by applicable law, we will notify affected users and relevant regulators.

7. Reporting vulnerabilities

If you believe you have found a security vulnerability in Umati, please report it to info@umati.games with enough detail for us to reproduce and investigate the issue.

  • Include affected URLs, steps to reproduce, and expected impact.
  • Do not access data that does not belong to you.
  • Do not disrupt gameplay, availability, or other users.
  • Do not use social engineering, physical attacks, spam, or denial of service techniques.

We do not currently advertise a public bug bounty program or formal response-time SLA for security reports, but we do want responsible reports sent to us privately.

8. Current limitations

No internet-connected service can guarantee absolute security. This page is also not a certification statement and should not be read as a promise that Umati meets any specific external security framework or audit standard unless we explicitly state that elsewhere.

9. Contact

Security questions can be sent to info@umati.games.