Version: 6.0 · Effective Date: June 15, 2026 · Last Updated: June 15, 2026
EXECUTIVE SUMMARY
brainCloud is a cloud-based Backend-as-a-Service (“BaaS”) platform supporting game developers, studios, publishers, and enterprise customers operating mobile, console, PC, web, and cross-platform applications.
brainCloud provides backend services including authentication, player management, cloud code, analytics, matchmaking, multiplayer services, commerce, live operations, messaging, AI integrations, and platform integrations.
Security, privacy, reliability, and operational transparency are fundamental principles of the brainCloud platform.
This Security Overview provides a high-level description of brainCloud’s security governance, operational safeguards, privacy practices, infrastructure protections, and security controls.
This document should be read together with the:
Additional security, privacy, operational, and compliance information is available through the brainCloud Trust Center at https://getbraincloud.com/trust/.
SECURITY PRINCIPLES
brainCloud’s security program is guided by:
brainCloud maintains an information security program designed to support the confidentiality, integrity, and availability of systems, services, and information.
The program is supported through documented policies, operational procedures, technical controls, risk management processes, and ongoing review activities.
Security considerations are incorporated throughout product development, infrastructure operations, customer support, supplier management, and business operations.
brainCloud maintains documented policies addressing areas including:
Policies are periodically reviewed and updated to reflect evolving technologies, threats, legal requirements, and operational practices.
Security controls, operational procedures, and governance practices are reviewed and improved on an ongoing basis.
Lessons learned from operational activities, incidents, customer feedback, and risk assessments may be incorporated into future improvements.
brainCloud utilizes a risk-based approach to security and operational management.
Security risks may be identified through:
Identified risks are evaluated based on:
Security is a shared responsibility between brainCloud and its customers.
| Responsibility Area | brainCloud | Customer |
|---|---|---|
| Platform Infrastructure | ✓ | |
| Platform Availability | ✓ | |
| Platform Security Controls | ✓ | |
| Customer Applications | ✓ | |
| End User Management | ✓ | |
| Customer Content | ✓ | |
| Data Classification | ✓ | |
| Integrations | ✓ |
Customers remain responsible for the security of their applications, business processes, end users, integrations, credentials, and data processing activities.
Certain customers may operate brainCloud using private deployment or Bring Your Own Cloud (“BYOC”) models.
In such arrangements, responsibility for infrastructure security, operating systems, networking, cloud services, and related controls may reside with the customer.
Applicable responsibilities are governed by separate commercial agreements.
brainCloud maintains access control measures designed to limit access to authorized personnel.
Access is granted according to business requirements and operational responsibilities.
Access permissions may be assigned according to job responsibilities and operational needs.
Administrative access is restricted to authorized personnel with legitimate operational requirements.
Access rights may be periodically reviewed and adjusted as responsibilities change.
Processes exist to support account provisioning, modification, suspension, and removal.
Security considerations are incorporated throughout the software development lifecycle.
Security requirements may be considered during architecture and design activities.
Development practices may include:
Software may undergo testing and validation activities before deployment.
Changes to production systems are governed by change management procedures intended to reduce operational risk.
Production deployments are managed through established operational processes.
brainCloud services are hosted using cloud infrastructure providers and supporting operational services.
Public BaaS services currently support deployment on:
Infrastructure protections may include:
Operational architectures may incorporate redundancy and resilience measures designed to support service availability.
brainCloud utilizes cryptographic technologies intended to protect information during storage and transmission.
Information transmitted across networks may be protected using secure communication protocols.
Stored information may be protected using encryption technologies where appropriate.
brainCloud maintains key management practices intended to support secure use of cryptographic controls.
Information may be classified and handled according to sensitivity and operational requirements.
Retention and deletion practices are governed by documented policies and applicable legal requirements.
brainCloud maintains monitoring and logging capabilities designed to support operational awareness and security activities.
Monitoring activities may include:
Operational and security events may be logged to support:
Monitoring systems may generate alerts when operational or security thresholds are exceeded.
brainCloud maintains processes intended to identify, evaluate, prioritize, and remediate vulnerabilities.
Vulnerabilities may be identified through:
Potential vulnerabilities are reviewed and assessed according to risk and operational impact.
Remediation efforts may include:
Security vulnerabilities reported through approved channels are reviewed and investigated.
brainCloud maintains operational practices designed to support resilience and recovery.
Operational backups may be utilized to support restoration activities.
Recovery procedures are maintained to support restoration of affected systems and services.
Business continuity planning activities are intended to support continued operation during disruptive events.
brainCloud utilizes third-party providers to support:
brainCloud maintains supplier management processes intended to evaluate and manage supporting providers.
AI providers are subject to the same general supplier management and subprocessor review processes applied to other third-party providers.
Current subprocessors are identified in the brainCloud Subprocessor List.
brainCloud supports customer privacy obligations through technical, operational, and administrative safeguards.
Privacy-related activities are governed by:
Customers remain responsible for determining the legality of their collection, use, disclosure, and processing of personal information.
Cross-border data processing activities are governed by applicable agreements and legal requirements.
brainCloud maintains incident response procedures intended to support:
Security incidents are evaluated according to their nature, severity, and potential impact.
Where required by law, contractual obligations, or operational necessity, notifications may be provided to affected customers.
Operational reviews may be conducted following significant incidents to identify improvements and corrective actions.
brainCloud personnel may receive security awareness and operational training designed to support responsible handling of systems, information, and customer data.
Training activities may include:
Security inquiries, vulnerability reports, and security-related questions may be directed to:
Security Contact: <se******@***********ud.com>
Additional information is available through:
Customers may refer to the following documents for additional information:
DISCLAIMER
This Security Overview is provided solely for informational purposes.
Nothing contained in this document creates contractual commitments, warranties, certifications, service level guarantees, or representations beyond those expressly set forth in applicable agreements.
brainCloud may update this document from time to time as technologies, operational practices, legal requirements, and security programs evolve.
We’ll get back to you as soon as we can.
