Posdanukel Machine Learning for Financial Markets

Security Policy

Last Updated: August 20, 2024

Posdanukel ("we," "us," or "our") is committed to protecting the security of our platform, services, and the data entrusted to us by our users. This Security Policy describes the technical and organizational measures we implement to safeguard information processed through posdanukel.biz.

1. Scope

This policy applies to all systems, infrastructure, and processes used to deliver our online masterclass platform and related services. It covers data in transit, data at rest, personnel access, and third-party integrations.

2. Data Protection

2.1 Encryption in Transit

All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). We enforce HTTPS across all pages and API endpoints. Unencrypted connections are automatically redirected to secure equivalents.

2.2 Encryption at Rest

Sensitive data stored on our servers is encrypted at rest using industry-standard encryption algorithms. Database backups are encrypted before being written to storage media.

2.3 Data Minimization

We collect and retain only the minimum amount of personal and operational data necessary to provide our services. Data that is no longer required is securely deleted or anonymized according to our retention schedules.

3. Access Controls

3.1 Principle of Least Privilege

Access to production systems and user data is restricted to personnel who require it to perform their job functions. Access rights are reviewed regularly and revoked promptly when no longer needed.

3.2 Authentication

All internal systems require strong authentication. Administrative access to critical infrastructure requires multi-factor authentication (MFA). Default or shared credentials are prohibited.

3.3 Role-Based Access

Access permissions are assigned based on defined roles. Privileged access is logged, monitored, and subject to periodic audits. Segregation of duties is enforced where operationally feasible.

4. Infrastructure Security

4.1 Network Security

Our infrastructure is protected by firewalls, network segmentation, and intrusion detection mechanisms. Traffic to and from production environments is filtered and monitored. Unnecessary ports and services are disabled by default.

4.2 Vulnerability Management

We conduct regular vulnerability scans of our systems and applications. Critical and high-severity vulnerabilities are prioritized for remediation. Security patches are applied to operating systems, libraries, and dependencies on a defined schedule.

4.3 Secure Development

Our development practices include code reviews, dependency audits, and testing for common security weaknesses. Sensitive credentials and secrets are never stored in source code repositories. Changes to production systems follow a controlled deployment process.

5. Monitoring and Logging

We maintain logs of system activity, authentication events, and administrative actions. Logs are stored securely and retained for a defined period to support incident investigation. Automated alerts notify our team of anomalous or potentially malicious activity.

6. Incident Response

6.1 Detection and Containment

We maintain an incident response process for identifying, containing, and remediating security incidents. Upon detection of a potential breach or unauthorized access, our team acts immediately to isolate affected systems and assess the impact.

6.2 Notification

In the event of a security incident that affects user data, we will notify impacted users in a timely manner consistent with our obligations and the nature of the event. Notifications will include a description of what occurred, the data potentially affected, and steps we are taking.

6.3 Post-Incident Review

Following any significant incident, we conduct a thorough review to identify root causes and implement measures to prevent recurrence.

7. Third-Party Service Providers

We work with third-party vendors and service providers who may process data on our behalf. We evaluate the security practices of these partners before engagement and require them to maintain appropriate security standards. Data processing agreements are in place where applicable.

8. Physical Security

Our services are hosted in data centres that maintain physical access controls, environmental safeguards, and continuous monitoring. Physical access to server infrastructure is restricted to authorized personnel only.

9. Business Continuity and Backup

We perform regular backups of critical data and systems. Backups are tested periodically to confirm recoverability. Our continuity planning includes procedures to maintain service availability in the event of infrastructure failure or disruption.

10. Employee Security Practices

All team members with access to systems or data receive security awareness training. Personnel are required to follow acceptable use policies, handle data responsibly, and report suspected security incidents immediately. Offboarding procedures include prompt revocation of all system access.

11. Responsible Disclosure

We encourage responsible reporting of potential security vulnerabilities. If you believe you have discovered a security issue affecting our platform, please contact us promptly at [email protected] before disclosing it publicly. We will investigate all credible reports and respond in good faith.

Please include in your report:

We ask that you do not access, modify, or delete user data during any testing, and that you allow us reasonable time to address the issue before any public disclosure.

12. Changes to This Policy

We may update this Security Policy from time to time as our practices evolve or as required by changes in technology and applicable standards. Material changes will be communicated through our platform or via email. The date at the top of this document reflects when it was last revised.

13. Contact Us

If you have questions about our security practices or wish to report a concern, please reach out to us through any of the following channels:

Email: [email protected]
Phone: +1 519 848 3320
Mail: 241 Wyandotte St E, Windsor, ON N9A 3H5, Canada