Home › Security & Trust

Security & Trust

Updated: June 2026

We build OptionProfit the way we would want a financial tool built for us: secure by default, private, and honest about what we do and do not do. Security here is not a badge — it is concrete engineering. This page sets out exactly how we protect your account and your data.

Your account is protected by mandatory two-factor authentication

Every OptionProfit account is secured with two-factor authentication (2FA) that cannot be turned off. We use authenticator-app (TOTP) codes — the six-digit codes from apps like Google Authenticator, Authy, Aegis or 1Password.

We deliberately do not use SMS text-message codes. SMS can be intercepted through SIM-swapping and mobile-network attacks, so it is the weakest common form of 2FA. Requiring an authenticator app instead means a stolen password alone is never enough to reach your account.

Everything travels encrypted

All traffic to and from OptionProfit is served exclusively over HTTPS/TLS. We enforce it with HSTS (HTTP Strict Transport Security), so browsers refuse to connect over an unencrypted channel.

We also send a full set of hardening headers on every response — a Content-Security-Policy, X-Content-Type-Options (nosniff), frame-protection, a Referrer-Policy and a Permissions-Policy — to reduce the risk of cross-site scripting, clickjacking and data leakage.

Responsible disclosure

We publish a machine-readable security.txt (RFC 9116) and welcome reports from security researchers. If you believe you have found a vulnerability, email security@options-strategies.com. Please give us reasonable time to fix an issue before disclosing it publicly; we do not pursue researchers acting in good faith.

What we do — and do not do — with your data

A note on "compliance"

We describe our security in terms of the concrete measures above rather than regulatory labels. OptionProfit is an independent educational tool, not a regulated financial entity; we align our engineering with recognised good practice — encryption in transit, strong authentication, least-data collection and responsible disclosure — because it is the right way to build, not for a badge.

Questions

Security questions or concerns? Email security@options-strategies.com or use our contact page.

About Us · Careers · Contact · Methodology · Disclaimer · Privacy Policy · Cookie Policy (EU) · Terms & Conditions · Security · Home