Userplay is launching soonGet Started
Userplay
Discord0.8kGet Started
Browse security docs Toggle navigation

// Security · Policies

Incident Response

Last updated May 31, 2026

Definitions#

  • Incident — any event that adversely affects, or may adversely affect, the confidentiality, integrity, or availability of Userplay systems or customer data.
  • Security incident — an incident involving suspected or confirmed unauthorized access, malicious activity, or exposure of confidential information.
  • Confirmed breach — a security incident for which Userplay has reasonable evidence that customer data was accessed or exfiltrated by an unauthorized party.

Severity Levels#

SeverityDefinitionExamples
SEV-1Confirmed breach, total outage, or active compromiseUnauthorized data access; database leak; live attacker
SEV-2Significant security exposure or partial outageAuth bypass without confirmed exploit; multi-region degradation
SEV-3Localized incident with contained impactSingle customer issue; brief subprocessor outage
SEV-4Minor or potential issue, no customer impactSuspicious log pattern; unconfirmed vulnerability

Detection#

Userplay detects incidents through:

  1. Application and infrastructure monitoring — error rates, latency, anomalous traffic.
  2. Authentication anomalies — impossible-travel sign-ins, repeated failed access, privileged-action spikes.
  3. Subprocessor advisories and status pages.
  4. Reports from customers, testers, security researchers, or Userplay employees.

Anyone can report a suspected incident to security@userplay.io. Userplay acknowledges reports within two business days.

Response Lifecycle#

  1. Triage — Confirm the incident, assign initial severity, notify the incident lead.
  2. Containment — Stop the immediate impact: revoke credentials, block traffic, isolate affected data or systems.
  3. Eradication — Remove the root cause: patch the vulnerability, terminate malicious sessions, fix the bug.
  4. Recovery — Restore service and confirm normal operation. Validate the issue does not recur.
  5. Communication — Notify affected customers per the timelines below; update status.
  6. Post-mortem — Within 5 business days of incident closure, an internal post-mortem covering timeline, root cause, blast radius, response, and follow-up actions.

Customer Notification#

Userplay commits to notifying affected customers of a confirmed breach involving their data within 72 hours of confirmation, by email to workspace owners and any other contacts on file.

The notification will include:

  1. A description of what happened, what data was involved, and the time window.
  2. The actions Userplay has taken or is taking to contain and remediate.
  3. Recommended actions for the customer, if any.
  4. A point of contact for follow-up questions.

For SEV-1 availability incidents (outages not involving data breach), Userplay communicates through the public status page and, when material, via email to workspace owners.

Reporting a Security Issue#

Email security@userplay.io with:

  • A description of the issue and the affected URL or component.
  • A reproducer where possible.
  • The impact you observed and any timeline considerations.

Userplay will not pursue legal action against researchers who act in good faith, avoid harm to customers and testers, and comply with coordinated disclosure. A formal bug bounty program is not currently active, but Userplay may offer recognition at its discretion.