+1 (604) 761-4264 [email protected]

Security Policy

Last updated: July 1, 2025

This Security Policy describes the measures Gilmavuret takes to protect the confidentiality, integrity, and availability of information processed through gilmavuret.biz. By using our services, you acknowledge the practices described in this document.

1. Scope

This policy applies to all systems, infrastructure, applications, and data managed by Gilmavuret in connection with the delivery of financial modeling education services through gilmavuret.biz. It covers all users, employees, contractors, and third-party service providers who access or process data on behalf of Gilmavuret.

2. Information We Protect

We apply security controls to all categories of information collected and processed through our platform, including:

3. Infrastructure Security

3.1 Hosting and Network

Our services are hosted on infrastructure that maintains physical and logical access controls. Network perimeters are protected using firewalls, intrusion detection systems, and traffic monitoring. Access to production systems is restricted to authorized personnel only.

3.2 Data Encryption

All data transmitted between users and our platform is encrypted using TLS (Transport Layer Security). Sensitive data stored on our systems is encrypted at rest using industry-standard encryption algorithms. Encryption keys are managed and rotated according to documented internal procedures.

3.3 System Availability

We maintain redundant infrastructure components and backup procedures to support service continuity. Regular backups are performed and verified. Recovery procedures are tested periodically to confirm they function as expected.

4. Access Control

4.1 Principle of Least Privilege

Access to systems and data is granted based on the minimum permissions required to perform a given function. Access rights are reviewed regularly and revoked promptly when no longer necessary.

4.2 Authentication

Administrative access to internal systems requires strong authentication. We enforce password complexity requirements and support multi-factor authentication for sensitive access points. Default credentials are never used in production environments.

4.3 User Accounts

Users are responsible for maintaining the confidentiality of their login credentials. Accounts are locked after repeated failed authentication attempts. Users should contact us immediately at [email protected] if they suspect unauthorized access to their account.

5. Application Security

5.1 Secure Development

Security considerations are integrated throughout our software development lifecycle. Code changes undergo review processes before deployment to production. We follow established secure coding guidelines to reduce the risk of common application vulnerabilities.

5.2 Vulnerability Management

We monitor for newly disclosed vulnerabilities in software components and dependencies used in our platform. Critical patches and security updates are applied in a timely manner. We conduct periodic internal security assessments of our systems and applications.

5.3 Third-Party Components

Third-party libraries, integrations, and service providers are evaluated for security posture before adoption. We monitor third-party components for known vulnerabilities and apply updates as they become available.

6. Third-Party Service Providers

We work with external vendors to deliver portions of our service, including payment processing, hosting, and communications. These providers are selected based on their ability to meet adequate security standards. We limit the data shared with third parties to what is necessary for the intended purpose and require that such parties handle data in a manner consistent with this policy.

7. Incident Response

7.1 Detection and Response

We maintain procedures for detecting, reporting, and responding to security incidents. Upon identification of a confirmed security event, we take immediate steps to contain the issue, assess the scope and impact, and remediate the cause.

7.2 Notification

In the event of a security incident that materially affects user data, we will notify affected users without undue delay through available contact channels. Notifications will include information about the nature of the incident, the data involved, and the steps we are taking in response.

8. Employee and Contractor Security

All personnel with access to user data or internal systems are subject to confidentiality obligations. We conduct security awareness training to ensure that team members understand their responsibilities and can recognize common threats such as phishing and social engineering. Access is revoked promptly upon termination of employment or engagement.

9. Physical Security

Where applicable, physical access to facilities housing our infrastructure is controlled and monitored. Data is not processed or stored in locations that lack appropriate physical access restrictions.

10. Data Retention and Disposal

Data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable obligations. When data is no longer needed, it is securely deleted or rendered unrecoverable using appropriate disposal methods.

11. Monitoring and Logging

System and application activity is logged to support security monitoring, anomaly detection, and incident investigation. Logs are stored securely and access to them is restricted. Log data is retained for a defined period consistent with our operational and security requirements.

12. Responsible Disclosure

We welcome responsible reporting of potential security vulnerabilities in our platform. If you believe you have identified a security issue, please contact us at [email protected] with a detailed description of the issue. We request that you do not publicly disclose potential vulnerabilities until we have had a reasonable opportunity to investigate and address them. We commit to acknowledging reports promptly and communicating our findings to the reporting party.

13. Changes to This Policy

We may update this Security Policy from time to time to reflect changes in our practices, technology, or applicable requirements. The date at the top of this page indicates when the policy was last revised. Continued use of our services following an update constitutes acceptance of the revised policy.

14. Contact

Questions or concerns regarding this Security Policy may be directed to us at:

Gilmavuret
238 1re Av N, Saint-Nazaire, QC G8B 7W1, Canada
+1 604 761 4264
[email protected]
gilmavuret.biz