Internal Access Policy

This policy describes how internal operators, administrators, and elevated-plan users should handle access inside CapitolTrades.

Least privilege

Access should be granted only to the features, organizations, and workflows needed for a person’s role. Elevated permissions should be reviewed regularly and removed when no longer needed.

Administrative actions

Site, company, and family administrators must use administrative tools only for legitimate operational, support, and security purposes. Sensitive actions should be traceable and limited to approved users.

Public and social publishing

Only authorized users may create social pushes, public share pages, promotional offers, or other outward-facing content. Content should be accurate, appropriately disclosed, and aligned with brand and compliance requirements.

Session and device security

Users must protect active sessions, avoid sharing credentials, and sign out of devices that are no longer trusted. Mobile session resume may require reauthentication for security reasons.

Incident handling

Suspected misuse, unauthorized access, disclosure issues, or data security concerns should be reported promptly to an administrator or security contact for investigation and remediation.