Our commitment to security and cybersecurity

Protecting the information and systems entrusted to us is a core responsibility at ProDirectional. This page explains our approach to security and cybersecurity, the safeguards we maintain, and how to reach us with a cybersecurity concern.

Our security commitment

ProDirectional is committed to maintaining strong cybersecurity practices and safeguarding the confidentiality, integrity, and availability of the data and systems we are responsible for. Security and cybersecurity are treated as ongoing disciplines built into how we operate, not bolted on afterward.

We maintain administrative, technical, and physical safeguards designed to protect against unauthorized access, use, disclosure, alteration, or destruction of information. We review these safeguards on an ongoing basis and adapt them as threats, technologies, and our business evolve.

No organization, technology, or process can guarantee absolute security or cybersecurity, and no method of transmission or storage is completely secure. What we commit to is maintaining reasonable, industry-aligned safeguards and responding promptly and responsibly when issues arise.

Governance and accountability

Cybersecurity governance is supported at the leadership level and reinforced throughout the organization. Security is owned at the leadership level and supported across the organization. We assign clear responsibility for information security, maintain internal policies that govern how data and systems are handled, and review those policies periodically.

• Defined ownership for information security and cybersecurity risk management.
• Internal security policies and acceptable-use standards for our team.
• Periodic review of risks, controls, and access.

How we protect information

Our safeguards are layered so that a single point of failure is less likely to compromise the whole. Depending on the system and the sensitivity of the data involved, these measures may include:

Access control

Access to systems and data is granted on a least-privilege basis people and services receive only the access they need. We use authentication controls and review access periodically.

Access rights are reviewed periodically and removed promptly when they are no longer required, helping to ensure that access remains limited to authorized individuals and services.

Authentication and account protection

We use authentication controls designed to protect access to systems and accounts. Where appropriate, we employ measures such as multi-factor authentication and periodically review access rights to help ensure that access remains limited to authorized individuals and services.

Encryption

We use encryption to help protect sensitive information in transit and, where appropriate, at rest, using established, industry-standard protocols.

Network and infrastructure security

We employ protections such as firewalls, segmentation, and secure configuration of the infrastructure that supports our services.

Monitoring and detection

We maintain logging and monitoring designed to help detect unusual or unauthorized activity so that we can investigate and respond.

Our cybersecurity monitoring capabilities are designed to help identify unusual activity and support timely response to potential threats.

Logs and monitoring information are retained and reviewed as appropriate to support the detection, investigation, and response to potential security events.

Secure operations

We apply security updates and patches in a timely manner, follow secure configuration practices, and work to reduce known vulnerabilities across our environment.

We maintain processes intended to identify and address known vulnerabilities and to apply security updates and patches in a timely manner.

Secure development practices

Security considerations are incorporated throughout the software development lifecycle. We work to identify and address potential risks through secure coding practices, dependency management, code review processes, and ongoing efforts to remediate identified vulnerabilities.

Business continuity and backup

We maintain backup and recovery procedures intended to support the availability and resilience of our systems and services. These measures are designed to help us recover from operational disruptions and maintain continuity where reasonably possible.

Cloud infrastructure

Our services may rely on reputable cloud service providers that maintain robust physical and environmental safeguards. We leverage the security capabilities provided by these platforms alongside our own administrative and technical controls.

Data protection and privacy

Our security and cybersecurity practices work alongside our privacy practices. We collect and use information in line with our Privacy Policy and applicable data protection laws that govern our operations and the jurisdictions in which we conduct business.

We aim to limit the data we hold to what we need, retain it only as long as necessary, and apply appropriate safeguards throughout its lifecycle.

Third-party and vendor security

We rely on selected service providers and partners to operate our business. Because the security of an organization is connected to the security of the parties it works with, we take reasonable steps to evaluate the security practices of vendors who handle data or systems on our behalf and to hold them to appropriate standards.

Where appropriate, we seek to ensure that vendors and service providers maintain safeguards consistent with the nature of the services they provide.

Incident detection and response

Cybersecurity threats are a reality faced by organizations of every size and across every industry. We maintain processes designed to detect, assess, contain, and respond to security incidents, and to learn from them.

In the event of a security incident affecting information for which we are responsible, we are committed to:

• Investigating promptly and taking steps to contain and remediate the issue.
• Notifying affected parties and relevant authorities where required by applicable law.
• Reviewing the event and strengthening our safeguards to reduce the likelihood of recurrence.

Team awareness and training

People are a critical part of security. We work to build cybersecurity awareness across our team and provide guidance to help personnel recognize and avoid threats such as phishing and social engineering.

Standards and continuous improvement

Our cybersecurity program aligns with recognized industry practices and frameworks, and we treat security and cybersecurity as processes of continuous improvement rather than fixed states. As threats and technologies change, we revisit and update our safeguards accordingly.

If ProDirectional obtains formal security certifications or attestations, details regarding those certifications may be provided here. No certification or attestation should be inferred unless expressly stated.

Responsible disclosure

We welcome reports from security researchers and individuals acting in good faith. If you believe you have identified a cybersecurity vulnerability, we encourage responsible disclosure and ask that you provide sufficient information to help us understand and investigate the issue.

We ask that researchers avoid actions that could disrupt services, compromise data, or negatively affect other users, and that they refrain from publicly disclosing vulnerabilities until we have had a reasonable opportunity to investigate and address them.

Reporting a security concern

If you believe you have found a cybersecurity vulnerability, or have a security or cybersecurity concern related to ProDirectional, we encourage you to let us know. We appreciate responsible disclosure and will review reports we receive.

Security contact: [email protected]

Please include enough detail for us to reproduce and understand the issue. We ask that you do not publicly disclose a potential vulnerability until we have had a reasonable opportunity to investigate and address it.

Security is a shared responsibility

Security and cybersecurity are shared responsibilities between ProDirectional, our personnel, service providers, and our users. Users are encouraged to protect their credentials, use strong passwords, enable multi-factor authentication where available, and promptly report suspicious activity or cybersecurity concerns.

Questions

For general questions about this page or our security and cybersecurity practices, please contact us through the contact information available on our website.

Last updated

Last updated: June 16, 2026.

We review this page periodically and may update it to reflect changes in our security and cybersecurity practices, technology, or applicable law.