Security Practices

Last updated: February 2, 2026

1. Overview

Cloud Path Strategies, LLC ("Company," "we," "us," or "our") is committed to maintaining commercially reasonable security practices to protect the confidentiality, integrity, and availability of our services and the data we process.

This page describes our high-level security practices and safeguards. We aim to implement security measures that are appropriate for the nature of our services and the data we handle. Security is an ongoing process, and we continuously work to improve our security posture.

This page provides general information about our security practices and is not intended to be exhaustive or to create any legal obligations beyond those set forth in our Terms of Service and Data Processing Addendum.

2. Administrative Safeguards

We implement administrative safeguards to help ensure the security of our services and data. These include, but are not limited to:

  • Security policies and procedures that are reviewed and updated as appropriate
  • Access control principles based on the principle of least privilege
  • Employee training on security awareness and best practices
  • Background checks and confidentiality obligations for personnel with access to sensitive data
  • Regular review of access rights and permissions
  • Separation of duties where appropriate

Access to systems and data is granted on a need-to-know basis and is regularly reviewed. We aim to ensure that only authorized personnel have access to systems and data necessary for their job functions.

3. Technical Safeguards

We implement technical safeguards designed to protect data and systems. These include, but are not limited to:

Encryption

We aim to use encryption in transit and at rest, where commercially reasonable and appropriate for the data being protected. Encryption in transit helps protect data as it moves between systems, while encryption at rest helps protect stored data.

Access Controls

We implement access controls based on the principle of least privilege, ensuring that users and systems have only the minimum access necessary to perform their functions. Authentication mechanisms are used to verify the identity of users and systems accessing our services.

Monitoring and Detection

We monitor our systems and networks for security events and anomalies. We aim to detect and respond to potential security incidents in a timely manner, though we do not guarantee specific detection or response times.

System Hardening

We apply security configurations and hardening measures to our systems as appropriate, including regular security updates and patches.

4. Operational Security

We implement operational security measures to help maintain the security and reliability of our services. These include, but are not limited to:

  • Change management processes to help ensure that changes to systems are reviewed and tested appropriately
  • Regular backups of data and systems, where applicable
  • Logging and monitoring of system activities and security events
  • Regular security assessments and reviews
  • Incident response procedures
  • Business continuity and disaster recovery planning, as appropriate

We aim to maintain logs of security-relevant events and activities. Logs are retained for a period that we determine is commercially reasonable and appropriate.

5. Incident Response

We maintain incident response procedures to help detect, respond to, and recover from security incidents. Our incident response process includes:

  • Detection and analysis of potential security incidents
  • Containment and mitigation of incidents
  • Recovery and restoration of affected systems
  • Post-incident review and lessons learned

In the event of a security incident that affects your data, we aim to notify you as required by applicable law and our contractual obligations. We will provide information about the incident as we are able, subject to security and legal considerations.

We do not guarantee specific notification timelines, as the nature and scope of incidents vary. We will work to provide notifications in a timely manner as appropriate under the circumstances.

6. Vulnerability Reporting / Responsible Disclosure

We take security vulnerabilities seriously and appreciate responsible disclosure of potential security issues. If you discover a security vulnerability in our services, we encourage you to report it to us.

Please report security vulnerabilities to us at the contact information provided below. When reporting a vulnerability, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue, if applicable
  • The potential impact of the vulnerability
  • Any suggested remediation, if you have one

We ask that you:

  • Act in good faith and avoid accessing or modifying data that does not belong to you
  • Avoid disrupting our services or the services of other users
  • Give us a reasonable time to address the vulnerability before publicly disclosing it
  • Keep the vulnerability confidential until we have had an opportunity to address it

We will work to acknowledge receipt of vulnerability reports and will investigate and address reported vulnerabilities as appropriate. We appreciate your cooperation in helping us maintain the security of our services.

7. Third-Party Risk

We may use third-party service providers and vendors to help operate our services. We aim to evaluate the security practices of third parties as appropriate and to ensure that third parties handle data in accordance with our security and privacy requirements.

Third-party service providers may have access to data as necessary to provide their services to us. We require third parties to maintain appropriate security measures and to comply with applicable data protection requirements.

We are not responsible for the security practices of third parties beyond our contractual arrangements with them. However, we aim to work with third parties that maintain commercially reasonable security practices.

8. Changes to This Page

We may update this Security Practices page from time to time to reflect changes in our security practices, improvements we have made, or updates to security standards and best practices.

When we make material changes to this page, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about our security practices.

This page is provided for informational purposes and does not create any legal obligations beyond those set forth in our Terms of Service and Data Processing Addendum.

9. Contact Information

If you have questions about our security practices or wish to report a security vulnerability, please contact us at:

Cloud Path Strategies, LLC

Email: support@CloudPathStrategies.com

For security-related matters, please include "Security" in the subject line of your email to help ensure your message is routed appropriately.