Security
Last updated: March 17, 2026
Our Commitment
Oil Authority takes the security of our platform and your data seriously. We implement industry-standard security practices to protect the confidentiality, integrity, and availability of the Site and all user information.
Infrastructure Security
- Encryption in transit: All connections to oilauthority.com are encrypted using TLS 1.2+ (HTTPS). We enforce HSTS (HTTP Strict Transport Security) to prevent downgrade attacks.
- Server hardening: Our servers run on hardened Linux instances with minimal attack surface. Unnecessary services and ports are disabled. Firewalls restrict access to essential services only.
- Regular updates: Operating system and application dependencies are kept up to date, with security patches applied promptly.
- Access controls: Server access is restricted to authorized personnel using SSH key-based authentication. Root access is limited and audited.
Application Security
- Authentication: User passwords are hashed using bcrypt with a high cost factor. Plain-text passwords are never stored or logged. Session tokens are cryptographically secure JWTs with appropriate expiration.
- Input validation: All user input is validated and sanitized server-side to prevent injection attacks (SQL injection, cross-site scripting).
- CSRF protection: Form submissions are protected against cross-site request forgery using token-based verification.
- Content Security Policy: We implement CSP headers to mitigate cross-site scripting and data injection attacks.
- Rate limiting: API endpoints are rate-limited to prevent brute-force attacks and abuse.
Data Protection
- No third-party data sharing: We do not sell, rent, or share your personal data with any third party. See our Privacy Policy for full details.
- Database security: Our database is not exposed to the public internet. Access is restricted to the application server via local connections only.
- Backups: Regular database backups are performed and stored securely to ensure data can be recovered in the event of hardware failure or data corruption.
- Minimal data collection: We collect only the information necessary to operate the Site and provide our services. Analytics data is aggregated and anonymized.
Cookies and Tracking
We use essential cookies for authentication and Google Analytics for anonymous, aggregated usage analysis. Analytics data is used exclusively for internal purposes to understand which features and content are most popular with our users. No personally identifiable information is shared with Google or any other analytics provider. For more details, see our Privacy Policy.
Responsible Disclosure
If you discover a security vulnerability on the Site, we ask that you disclose it to us responsibly. Please report security issues to [email protected].
When reporting a vulnerability, please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any relevant screenshots or proof-of-concept code
We ask that you:
- Do not access, modify, or delete data belonging to other users
- Do not perform actions that could degrade the Site's availability
- Give us reasonable time to investigate and address the issue before any public disclosure
We appreciate the security research community's efforts and will acknowledge valid reports. We will not pursue legal action against individuals who report vulnerabilities in good faith and in accordance with this policy.
Governing Law
This security policy and all matters relating to the security of the Site are governed by the laws of the Province of Alberta, Canada.
Contact
For security-related enquiries, contact [email protected].
For general legal and privacy questions, contact [email protected].