Incident Management & Response Policy
Purpose
How Rexplore responds when a security incident affecting Nakama or its users is suspected.
Detection and reporting
Incidents may be detected internally or reported to help@rexplore.xyz. All reports are reviewed within 24 hours.
Triage and containment
We assess scope and impact, then contain immediately — e.g. revoking and rotating credentials, disabling the affected function, or pausing the integration. Because tokens live only on user devices, server-side compromise cannot expose stored user tokens.
Assessment
We determine what data, if any, was affected, the root cause, and which users are impacted.
Notification
If an incident affects user data, we notify affected users without undue delay — and within 72 hours where the law (such as the GDPR) requires — describing what happened, what was affected and what we are doing.
Remediation and review
We fix the root cause, verify the fix, and run a post-incident review; lessons feed back into the Security and Vulnerability Management policies.