Security Policy
Last Updated: September 8, 2025
Optionpath ("we," "us," or "our") operates the platform available at optionpath.pro. We are committed to protecting the security, integrity, and confidentiality of all data processed through our platform. This Security Policy describes the measures we take to safeguard our systems and your information.
1. Scope
This policy applies to all systems, infrastructure, applications, and data managed by Optionpath, including our web platform, backend services, databases, and third-party integrations used to deliver our online masterclass experience.
2. Data Protection Principles
We apply the following core principles to all data we handle:
- Confidentiality: Access to data is restricted to authorized personnel only.
- Integrity: Data is protected against unauthorized modification or corruption.
- Availability: Systems are maintained to ensure reliable and continuous access for authorized users.
- Accountability: All access and changes to sensitive data are logged and auditable.
3. Infrastructure Security
3.1 Hosting and Environment
Our platform is hosted on industry-standard cloud infrastructure with physical security controls including restricted access, surveillance, and environmental protections. Server environments are isolated and hardened against unauthorized access.
3.2 Network Security
- All data transmitted between users and our platform is encrypted using TLS 1.2 or higher.
- Firewalls and intrusion detection systems are in place to monitor and filter network traffic.
- Internal services are segmented and not exposed to the public internet unless required.
3.3 System Hardening
- Operating systems and software dependencies are kept up to date with security patches.
- Unnecessary services and ports are disabled on all production systems.
- Default credentials are never used; all system accounts use strong, unique credentials.
4. Access Control
4.1 Principle of Least Privilege
Access to systems and data is granted on a need-to-know basis. Employees and contractors receive only the minimum level of access required to perform their responsibilities.
4.2 Authentication
- All internal administrative access requires strong authentication, including multi-factor authentication where applicable.
- Passwords must meet complexity requirements and are never stored in plaintext.
- User sessions are managed with secure, time-limited tokens.
4.3 Access Reviews
Access rights are reviewed periodically. Access is revoked promptly upon role change or termination of employment or contract.
5. Application Security
5.1 Secure Development Practices
Our development process incorporates security at every stage, including:
- Code review with a focus on security vulnerabilities.
- Input validation and output encoding to prevent injection attacks.
- Protection against common web vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection.
5.2 Dependency Management
Third-party libraries and components are reviewed for known vulnerabilities before use and updated regularly to incorporate security fixes.
5.3 Security Testing
We conduct periodic security assessments, including vulnerability scanning and code audits, to identify and remediate weaknesses before they can be exploited.
6. Data Storage and Encryption
- Sensitive data at rest is encrypted using industry-standard algorithms.
- Database access is restricted and authenticated; databases are not publicly accessible.
- Backups are encrypted and stored securely with access controls equivalent to production systems.
- Passwords are stored using one-way cryptographic hashing with appropriate salting.
7. Monitoring and Logging
We maintain comprehensive logging of system activity, authentication events, and administrative actions. Logs are retained for a defined period and protected against tampering. Automated monitoring alerts our team to anomalous behavior, potential intrusions, or system failures in real time.
8. Incident Response
8.1 Detection and Classification
Security incidents are identified through monitoring systems, internal reporting, and external disclosures. Incidents are classified by severity to determine the appropriate response priority.
8.2 Response Procedure
- Contain the incident to prevent further impact.
- Investigate the root cause and scope of the breach or vulnerability.
- Remediate the vulnerability and restore affected systems.
- Notify affected users and relevant parties as required.
- Document findings and implement measures to prevent recurrence.
8.3 Notification
In the event of a security breach that affects user data, we will notify affected users in a timely manner via email or platform notification, describing the nature of the incident and the steps taken in response.
9. Third-Party Services
We work with third-party providers for services such as payment processing, email delivery, and analytics. We evaluate these providers for their security practices and require that they maintain standards consistent with our own. We do not share sensitive personal data with third parties beyond what is necessary to deliver our services.
10. Employee and Contractor Security
- All personnel with access to platform systems receive security awareness training.
- Personnel are bound by confidentiality obligations.
- Security responsibilities are clearly defined within our team.
- Workstations used to access production systems are required to use encrypted storage and current operating system versions.
11. Business Continuity and Backup
We maintain regular automated backups of critical data. Backups are tested periodically to verify integrity and restorability. Our infrastructure is designed for resilience, with redundancy measures to minimize downtime in the event of system failure.
12. Vulnerability Disclosure
If you discover a potential security vulnerability in our platform, we encourage responsible disclosure. Please report your findings to us at info@optionpath.pro with a clear description of the issue. We will acknowledge receipt, investigate promptly, and take appropriate action. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.
13. Policy Review
This Security Policy is reviewed at least annually or following any significant change to our systems, infrastructure, or applicable standards. Updates will be reflected on this page with a revised effective date.
14. Contact
If you have questions or concerns about this Security Policy or our security practices, please contact us:
Optionpath
3601 Hwy 7 Suite 400, Markham, ON L3R 0M3,
Canada
info@optionpath.pro
+1 (450) 349-6969