Security Policy

Last Updated: September 8, 2025

Optionpath ("we," "us," or "our") operates the platform available at optionpath.pro. We are committed to protecting the security, integrity, and confidentiality of all data processed through our platform. This Security Policy describes the measures we take to safeguard our systems and your information.


1. Scope

This policy applies to all systems, infrastructure, applications, and data managed by Optionpath, including our web platform, backend services, databases, and third-party integrations used to deliver our online masterclass experience.


2. Data Protection Principles

We apply the following core principles to all data we handle:


3. Infrastructure Security

3.1 Hosting and Environment

Our platform is hosted on industry-standard cloud infrastructure with physical security controls including restricted access, surveillance, and environmental protections. Server environments are isolated and hardened against unauthorized access.

3.2 Network Security

3.3 System Hardening


4. Access Control

4.1 Principle of Least Privilege

Access to systems and data is granted on a need-to-know basis. Employees and contractors receive only the minimum level of access required to perform their responsibilities.

4.2 Authentication

4.3 Access Reviews

Access rights are reviewed periodically. Access is revoked promptly upon role change or termination of employment or contract.


5. Application Security

5.1 Secure Development Practices

Our development process incorporates security at every stage, including:

5.2 Dependency Management

Third-party libraries and components are reviewed for known vulnerabilities before use and updated regularly to incorporate security fixes.

5.3 Security Testing

We conduct periodic security assessments, including vulnerability scanning and code audits, to identify and remediate weaknesses before they can be exploited.


6. Data Storage and Encryption


7. Monitoring and Logging

We maintain comprehensive logging of system activity, authentication events, and administrative actions. Logs are retained for a defined period and protected against tampering. Automated monitoring alerts our team to anomalous behavior, potential intrusions, or system failures in real time.


8. Incident Response

8.1 Detection and Classification

Security incidents are identified through monitoring systems, internal reporting, and external disclosures. Incidents are classified by severity to determine the appropriate response priority.

8.2 Response Procedure

  1. Contain the incident to prevent further impact.
  2. Investigate the root cause and scope of the breach or vulnerability.
  3. Remediate the vulnerability and restore affected systems.
  4. Notify affected users and relevant parties as required.
  5. Document findings and implement measures to prevent recurrence.

8.3 Notification

In the event of a security breach that affects user data, we will notify affected users in a timely manner via email or platform notification, describing the nature of the incident and the steps taken in response.


9. Third-Party Services

We work with third-party providers for services such as payment processing, email delivery, and analytics. We evaluate these providers for their security practices and require that they maintain standards consistent with our own. We do not share sensitive personal data with third parties beyond what is necessary to deliver our services.


10. Employee and Contractor Security


11. Business Continuity and Backup

We maintain regular automated backups of critical data. Backups are tested periodically to verify integrity and restorability. Our infrastructure is designed for resilience, with redundancy measures to minimize downtime in the event of system failure.


12. Vulnerability Disclosure

If you discover a potential security vulnerability in our platform, we encourage responsible disclosure. Please report your findings to us at info@optionpath.pro with a clear description of the issue. We will acknowledge receipt, investigate promptly, and take appropriate action. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.


13. Policy Review

This Security Policy is reviewed at least annually or following any significant change to our systems, infrastructure, or applicable standards. Updates will be reflected on this page with a revised effective date.


14. Contact

If you have questions or concerns about this Security Policy or our security practices, please contact us:

Optionpath
3601 Hwy 7 Suite 400, Markham, ON L3R 0M3, Canada
info@optionpath.pro
+1 (450) 349-6969