Security

Security Practices

Effective date: January 1, 2026

This Security Practices document applies to *.optionspartner.com and *.optionspartner.se (the “Service”) operated by Optionspartner AB, company registration number 559214-5089, registered in the Kingdom of Sweden (“we”, “us”, “our”, or “Optionspartner”). The asterisk (*) denotes any valid prefix such as www or other applicable hosts.

Introduction

We take the security of your data and the security of the Service very seriously. Transparency is one of our core principles, which is why we aim to be as clear and open as possible about our security measures.

If you have any questions regarding our security practices, please contact us at security@optionspartner.com. We will respond as quickly as possible.

Confidentiality and Access Controls

We maintain strict controls over employee and contractor access to Customer Data (data you and your users make available through the Service, as defined in your agreement with us).

Only authorised personnel may access systems that store or process Customer Data, and only when strictly necessary — for example, to diagnose and resolve technical issues. All such access is logged and subject to technical controls and audit policies.

We prohibit the use of these permissions for any other purpose. All employees and contract personnel are bound by strict confidentiality obligations and security policies. We treat any breach of these rules as a matter of the highest importance.

Compliance and Hosting Environment

Our services are hosted on infrastructure provided by DigitalOcean, which maintains robust compliance certifications, including:

  • SOC 2 Type II and SOC 3 Type II reports (covering Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • PCI-DSS SAQ-A validation
  • Various colocation facility certifications (e.g., ISO 27001, ISO 22301, and others depending on the data center)

These certifications demonstrate a strong commitment to information security. For the latest details on DigitalOcean’s certifications and compliance, please visit: https://www.digitalocean.com/trust/certification-reports

Data Encryption

We encrypt all data in transit using up-to-date secure protocols and cipher suites (TLS 1.3 where possible). Customer Data is also encrypted at rest using strong industry-standard algorithms.

We continuously monitor the cryptographic landscape and promptly implement upgrades in response to newly discovered vulnerabilities or evolving best practices, while maintaining compatibility for legitimate older clients where required.

Availability and Resilience

We are committed to providing a highly available and reliable service. Our infrastructure is designed to be fault-tolerant against failures of individual servers, network components, or even entire data centers.

Our operations team conducts regular disaster-recovery testing and maintains an around-the-clock on-call rotation to respond rapidly to any incidents.

Disaster Recovery and Backups

Customer Data is stored redundantly across multiple locations within our hosting provider’s data centers to ensure high availability.

We maintain well-tested backup and restoration procedures, including automatic nightly backups of Customer Data and our source code. The operations team receives immediate alerts in the event of any backup failures.

Network Protection

We employ sophisticated system monitoring, logging, and intrusion detection capabilities. Production server access is protected by IP whitelisting, and firewalls are configured according to industry best practices (unnecessary ports are closed).

Host and Endpoint Management

We perform regular automated vulnerability scanning on production hosts and remediate any identified risks promptly. Company laptops and workstations are protected with full-disk encryption, automatic screen lockouts, and other endpoint security controls.

Logging and Monitoring

We maintain a centralised logging system that captures security events, access attempts, system performance, and availability metrics. Logs are analysed in real time using automated monitoring tools, with oversight by our security team.

Incident Management and Response

We have formal incident response policies and procedures in place. In the event of a security incident involving unauthorised access to Customer Data, we will notify affected customers promptly, in accordance with applicable legal requirements (including GDPR Articles 33 and 34 where relevant).

We regularly test and update our incident response plans to ensure effective containment, investigation, eradication, and recovery.

Security Audits and Reviews

We conduct internal security self-assessments on a quarterly basis. New features, significant functionality changes, and design updates undergo a security review process led by the security team.

Our codebase is subject to automated static analysis, manual peer review, and testing before deployment to production.

We also perform continuous hybrid automated scanning of our web platform and targeted audits of critical features.

Note: We do not currently engage external security firms for routine penetration testing of the entire platform, but we may do so for specific high-risk areas as needed.

Responsible Disclosure of Vulnerabilities

If you discover a potential security vulnerability in our Service, we encourage you to report it responsibly. Please contact us at security@optionspartner.com. We appreciate coordinated disclosure and will work with you to address the issue promptly.