Security Policy

1. Philosophy

At OPXERA, security is not an afterthought; it is integral to our operations. We are dedicated to maintaining the trust of our clients by protecting the confidentiality, integrity, and availability of their data.

2. Access Control

• Authentication: We use industry-standard authentication mechanisms. Access to production systems is restricted to authorized personnel.
• Least Privilege: Employees are granted the minimum level of access necessary to fulfill their roles.
• MFA: Multi-factor authentication is enforced for all administrative access.

3. Data Encryption

Data is encrypted both in transit and at rest.

• In Transit: All data transmitted between our clients and our servers is encrypted using potentially strong versions of TLS.
• At Rest: Sensitive data stored in our databases is encrypted using AES-256 standard encryption.

4. Vendor Management

We carefully select our third-party vendors and service providers. We review their security posture and compliance certifications (such as SOC 2, ISO 27001) to ensure they meet our rigorous standards.

5. Incident Response

We maintain an Incident Response Plan (IRP) that outlines procedures for detecting, responding to, and recovering from security incidents. In the event of a data breach, we are committed to notifying affected parties in compliance with applicable laws.

6. Vulnerability Disclosure

We value the contributions of the security research community. If you believe you have found a vulnerability in one of our services, please report it to us immediately at [email protected]. We ask that you do not publicly disclose the issue until we have had a reasonable chance to address it.

7. Contact Security

For any security-related inquiries or to request a copy of our compliance reports, please contact our security team at [email protected].