Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Gambling
Re: Betnomi | Project status & Refund Plan!
by
betnomi
on 24/11/2023, 15:21:00 UTC
@Mahdirakib, it is okay to be wrong sometimes. You don't always have to be right.

You have persistently made unfounded claims that went unchallenged. Our goal is not to mindlessly argue about trivial things. We have a complicated and delicate situation on our hands, and we are doing our best to resolve it. If you have constructive criticism or something useful to contribute, we welcome it. However, personal attacks and name-calling are unproductive.

As for questions regarding the database, let me clarify those.

We use AWS RDS cross-region with a disaster recovery plan in place. Also, we had a secondary ClickHouse database that operated as our data warehouse. It is not that we had a single instance database and lost it overnight. That is not possible with the sophisticated system architecture we had in place, and the production database access was limited to a single developer and myself with root access.

When we suspended our operations, we had to terminate some of our AWS resources because these services cost several thousands of dollars in monthly expenses. It doesn't make sense to keep them running when they are not being utilized.

At this point, we made the decision for the developer with the production database to take a backup and the DevOps engineer to terminate the services. This was the timeframe in which relationships went sour, etc. From this point, I no longer had access to any system or services. There was no technological or inappropriate handling of data in this case. It was purely a human factor. It can and does happen with many organizations. It is not a crime to trust people you work with.

The limited backup we have; the Curacao regulators require you to upload specific information to them once a week. This includes user ID, username, email, balance, last login date, IP, transactions, etc. They need to keep a copy on their own servers to be able to verify reports made by users against our claims. This is a must for every casino operator licensed with them.

Of course, we complied with this process, however, there was some information we deemed unnecessary and sensitive enough where the risk of sharing it outweighed the benefits. Such information would include the users' email addresses. We thought it was important that we protect our users' email addresses from third-party systems, not only with the Curacao regulator but even slots aggregators and sports providers.

We only share usernames and user IDs for identification and never email addresses. They are private and should be protected to the degree that is possible.

Whatever we have now is what we uploaded to the Curacao regulators. It has everything we need to be able to verify the information needed for the refund except for the email addresses. However, we have encrypted email logs from a promotion we ran sometime ago. We have our own ways to manually encrypt the submitted emails and run them against the logs to verify them. We can't send mass emails because they are encrypted, and no, before you ask, it is a one-way encryption.