HomeLegalSecurity Policy
LEGAL · Open Packaging Network

Security Policy

Operated by Polimex Trade Inc. · Reg. 737573816 · Richmond Hill, ON, Canada

Legal Pages
Terms of UsePrivacy PolicySecurity PolicyCookie PolicyMethodologyAbout OPNContact
Questions?
live@opnplatform.com

Our commitment

Polimex Trade Inc. applies industry-standard security practices across PackIndex and PACKIQ. This policy explains how we protect your account, your subscription data, and any data you submit to the platform.

Data in transit

All connections to opnplatform.com are encrypted using TLS 1.3. HTTP connections are automatically redirected to HTTPS. API calls between the platform and third-party data services are encrypted in transit.

Data at rest

Account data, subscription records, and usage analytics stored in our database are encrypted at rest. Payment data is never stored by OPN — all card and billing data is held exclusively by Stripe under PCI DSS Level 1 compliance.

Authentication & session security

Sessions are managed using short-lived JWT tokens stored in browser sessionStorage (not localStorage, not cookies). Tokens expire after 24 hours of inactivity or on browser close. Passwords are hashed using bcrypt with a minimum cost factor of 12.

Access controls

Production systems use role-based access controls. Database access is restricted to application service accounts with least-privilege permissions.

Third-party security

Stripe: PCI DSS Level 1 certified. DeepSeek AI: processes PACKIQ agent inputs in-session only under their API data processing terms. Neither third party receives your account credentials.

Vulnerability disclosure

If you discover a security vulnerability in PackIndex, please report it responsibly to live@opnplatform.com with subject: SECURITY. We will acknowledge receipt within 48 hours and aim to resolve confirmed issues within 14 days.

Incident response

In the event of a data breach affecting personal data, we will notify affected users and relevant supervisory authorities within 72 hours of discovery, in line with GDPR Article 33 obligations.

Limitations & honest disclosure

PackIndex is a growing platform. We apply security best practices but have not yet completed formal ISO 27001 certification or SOC 2 Type II audit. If your organisation requires formal security documentation before subscribing, contact live@opnplatform.com.

Open Packaging Network

Live packaging price intelligence and AI co-workers for procurement professionals.

PackIndex → PACKIQ →