Security

Last updated: 1 April 2026

Your safety is our top priority. OzLuckyDraw employs multiple layers of security to protect your personal information, financial data, and Account integrity.

1. Data Encryption

  • In transit: All communications between your device and our servers are protected with 256-bit TLS 1.3 encryption, the highest standard available.
  • At rest: Sensitive data stored in our databases is encrypted using AES-256.
  • Passwords: User passwords are never stored in plain text. We use bcrypt hashing with unique salts for each account.

2. Infrastructure Security

  • Hosted in ISO 27001-certified Australian data centres with a 99.99% uptime SLA
  • Redundant systems with real-time failover and automated backups
  • DDoS protection and Web Application Firewall (WAF)
  • Network intrusion detection and prevention systems (IDS/IPS)
  • 24/7 security monitoring by a dedicated operations team

3. Account Protection

  • Two-factor authentication (2FA): Available via authenticator app or SMS. Strongly recommended for all accounts.
  • Login monitoring: Alerts for logins from new devices or unusual locations.
  • Session management: Automatic timeouts after 30 minutes of inactivity.
  • Brute force protection: Accounts are temporarily locked after 5 failed login attempts.
  • Secure password requirements: Minimum 8 characters with complexity requirements.

4. Payment Security

  • Payment processing handled by PCI DSS Level 1 certified providers
  • We never store your full credit card number, CVV, or PIN
  • 3D Secure (Verified by Visa / Mastercard SecureCode) supported
  • All transactions are monitored for fraud in real time

5. Fair Play Certification

  • Random Number Generator (RNG) independently audited and certified by Gaming Laboratories International (GLI)
  • Draw integrity verified through cryptographic sealing and public audit trails
  • Regular third-party audits of platform fairness and payout rates

6. Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please contact us at [email protected]. We commit to acknowledging reports within 24 hours and providing updates on remediation progress.

7. Your Responsibility

To help keep your Account secure:

  • Use a strong, unique password not shared with other services
  • Enable two-factor authentication
  • Never share your login credentials
  • Log out when using shared or public devices
  • Keep your device's operating system and browser updated
  • Report any suspicious activity to support immediately