OpsLinkCAD – Security Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

OpsLinkCAD (“the Service”) is operated by OpsLink Systems. This Security Policy outlines the technical, organizational, and operational security measures we use to protect your data and ensure a safe environment for all users.

---

1. Security Philosophy

OpsLink Systems follows a “security-first” approach. This means:

• We design features with safety and integrity as core requirements
• We use industry-standard encryption and security practices
• We limit internal access to only what is required
• We continuously review our infrastructure

---

2. Infrastructure Security

2.1 Server Protection

• Servers hosted with hardened, reputable cloud providers
• Firewall rules restricting unauthorized access
• Access logging and automated intrusion detection

2.2 Network Security

• Traffic encryption using HTTPS/TLS 1.2+
• Rate limiting to prevent abuse and flooding
• Protection against common web vulnerabilities (XSS, CSRF, SQL injection)

---

3. Data Security

3.1 Encryption

• Passwords encrypted using industry-standard hashing
• All data transmitted over TLS
• Sensitive billing data stored only by Stripe

3.2 Data Isolation

• Each community’s operational data is isolated logically
• No community has access to another’s data

3.3 Logging

• Security events may be logged for investigation
• Error logs never include sensitive information

---

4. Access Controls

• Strict internal role-based access control
• Only essential OpsLink Systems personnel may access systems
• No external parties may access user data
• Two-factor authentication is used internally where applicable

---

5. Application Security

• Continuous monitoring for suspicious activity
• Ongoing patching and maintenance
• Regular internal security reviews of code and endpoints
• Protection against brute-force attempts

---

6. Payment Security

All payment processing and card data is handled exclusively by Stripe, a PCI-compliant provider. OpsLinkCAD does not store or process full payment card numbers at any time.

---

7. Incident Response

In the event of a suspected or confirmed security incident, OpsLink Systems will:

• Investigate immediately
• Contain the issue
• Mitigate further impact
• Notify affected users when required

---

8. Responsible Disclosure

If you believe you have discovered a vulnerability in OpsLinkCAD, you must report it responsibly.

All security reports must be submitted through our official Discord server:

Join here

We do not accept reports via email or external channels.

---

9. User Responsibilities

You agree to:

• Keep your password secure
• Use a strong, unique password
• Not attempt to bypass, exploit, or interfere with system security
• Report vulnerabilities responsibly and promptly

---

10. Changes to This Policy

OpsLink Systems may update this Security Policy at any time. Your continued use of OpsLinkCAD constitutes acceptance of all updates.