Security

Last updated: June 10, 2026

TLS 1.3 SOC 2 vendors MFA Least privilege Encrypted at rest

Hosting and infrastructure

opticvaultmarketing.com is hosted on Netlify, with origin-to-edge encryption, automatic HTTPS via Let's Encrypt, and global CDN distribution. Client websites we build are hosted on Netlify, Vercel, or a comparable provider, all with TLS 1.2 or higher enforced.

Encryption

• In transit. All traffic between visitors and our sites uses TLS 1.2 or 1.3.
• At rest. Data stored with our subprocessors (CRM, payment processor, hosting) is encrypted at rest using AES-256 or equivalent.
• Credentials. API keys and OAuth tokens are stored in encrypted secret managers (1Password and our hosting platforms' secret stores) — never in plain text in code or email.

Access controls

• Multi-factor authentication is required on every account, including Google Workspace, our CRM, Netlify, Stripe, Twilio, and client Google Business Profile access.
• We use the principle of least privilege — team members get access to the systems they need, no broader.
• Access is revoked within 24 hours of a team member's departure.
• We do not share passwords by email or chat. Credentials are exchanged via password manager links or directly into provider UIs.

Payment data

Payments are processed by Stripe (PCI DSS Level 1). We do not store full card numbers, CVVs, or magnetic stripe data on our systems. Only the last 4 digits and the Stripe customer ID are visible to us for reconciliation.

SMS and call data

SMS and voice services are powered by Twilio and our CRM (HighLevel/GoHighLevel). Message content is encrypted in transit and at rest. Phone numbers are stored only as needed to send messages and honor opt-outs. STOP/HELP responses are processed automatically and logged for compliance audit.

Subprocessors

We rely on the following vendors to deliver our services. Each holds recognized security certifications (SOC 2 Type II, ISO 27001, or PCI DSS as applicable) and is bound by a Data Processing Agreement.

We update this list as vendors change. Material changes affecting client data will be communicated to clients in writing.

Backups and continuity

• Hosting providers run their own redundancy and backup schedules with 99.9%+ uptime SLAs.
• CRM data (contacts, automations, message history) is backed up nightly by our CRM provider.
• Site source code is versioned in Git with at least two remote copies.

Vulnerability management

• Dependencies and packages are kept current; security patches applied within 7 days of release for critical vulnerabilities.
• Our hosting providers run continuous threat monitoring at the network layer.
• We do not store passwords or sensitive PII on our own servers — we rely on certified vendors to do that for us.

Incident response

If we become aware of a security incident affecting client data, we will:

• Contain the incident and preserve relevant logs.
• Notify affected clients in writing within 72 hours of confirmation, describing the nature of the incident, the data affected, and remediation steps.
• Cooperate fully with regulators where notification is required by law (e.g., Florida Information Protection Act, CCPA, GDPR).

Your role

Security is shared. You help by:

• Using strong, unique passwords and enabling MFA on every account.
• Not sharing your CRM, GBP, or website admin password by email or chat.
• Keeping your contact list consented and up to date for any SMS or email campaigns.
• Reporting any suspected security issue to us promptly.

Reporting a vulnerability

Found a security issue? Email team@opticvaultmarketing.site with the subject line "Security report." We acknowledge reports within 2 business days. Please do not publicly disclose the issue until we've had a reasonable chance to respond.

Contact

Optic Vault Marketing
Miami, Florida
Email: team@opticvaultmarketing.site
Phone: (786) 406-0701