Security Policy
Our commitment
Polimex Trade Inc. applies industry-standard security practices across PackIndex and PACKIQ.
Data in transit
All connections to opnplatform.com are encrypted using TLS 1.3. HTTP connections are automatically redirected to HTTPS.
Data at rest
Account data, subscription records, and usage analytics are encrypted at rest using AES-256. Payment data is never stored by OPN — all card and billing data is held exclusively by Stripe under PCI DSS Level 1 compliance.
Authentication & session security
Sessions are managed using short-lived JWT tokens stored in browser sessionStorage. Tokens expire after 24 hours of inactivity or on browser close. Passwords are hashed using bcrypt (cost factor 12+).
Vulnerability disclosure
Report security vulnerabilities responsibly to packiq@opnplatform.com with subject: SECURITY. We will acknowledge within 48 hours and aim to resolve confirmed issues within 14 days.
Incident response
In the event of a data breach, we will notify affected users and relevant authorities within 72 hours of discovery, in line with GDPR Article 33 obligations.