Domain Logo
Domain

Security Policy

Last Updated: June 23, 2025

Domain is committed to protecting the security and integrity of your data. This Security Policy outlines the measures we implement to safeguard information collected through our platform and the responsibilities shared between our organization and our users.

1. Information Security Commitment

We prioritize the protection of all data entrusted to us by implementing industry-standard security practices and continuously monitoring our systems for potential vulnerabilities. Our security framework is designed to prevent unauthorized access, disclosure, alteration, or destruction of information.

2. Data Protection Measures

2.1 Technical Safeguards

We employ multiple layers of technical security controls including:

Encryption: All data transmitted between your device and our servers is encrypted using Transport Layer Security protocols. Sensitive data stored on our systems is encrypted at rest using industry-standard encryption algorithms.

Access Controls: We implement strict access control mechanisms to ensure that only authorized personnel can access sensitive information. Access is granted based on the principle of least privilege and role-based permissions.

Network Security: Our infrastructure is protected by firewalls, intrusion detection systems, and regular security monitoring to identify and respond to potential threats.

Secure Authentication: User accounts are protected through secure password requirements and authentication mechanisms. We encourage the use of strong, unique passwords for all accounts.

2.2 Operational Safeguards

Our operational security practices include:

Regular Security Assessments: We conduct periodic security audits and vulnerability assessments to identify and address potential weaknesses in our systems.

Security Monitoring: Our systems are monitored continuously for suspicious activities, unauthorized access attempts, and potential security incidents.

Incident Response: We maintain an incident response plan to quickly detect, contain, and remediate security incidents when they occur.

Data Backup: Regular backups of critical data are performed and stored securely to ensure business continuity and data recovery capabilities.

2.3 Administrative Safeguards

We implement administrative controls including:

Employee Training: All personnel receive regular security awareness training to recognize and respond appropriately to security threats.

Background Checks: Employees with access to sensitive information undergo appropriate background verification procedures.

Confidentiality Agreements: All staff members are bound by confidentiality obligations regarding user data and proprietary information.

Vendor Management: Third-party service providers are carefully evaluated for security practices and contractually obligated to maintain appropriate safeguards.

3. Data Storage and Processing

User data is stored on secure servers maintained by reputable hosting providers. We utilize data centers that implement physical security measures including restricted access, surveillance systems, and environmental controls.

Data processing activities are conducted in accordance with documented procedures designed to maintain confidentiality, integrity, and availability of information.

4. User Account Security

4.1 Password Requirements

To protect your account, we require passwords that meet minimum complexity standards. Users are responsible for maintaining the confidentiality of their login credentials and should not share passwords with others.

4.2 Account Activity Monitoring

We monitor account activity for unusual patterns that may indicate unauthorized access. Users are notified of significant account changes or suspicious login attempts when possible.

4.3 User Responsibilities

Users must:

Maintain the confidentiality of their account credentials and not share login information with unauthorized individuals.

Use strong, unique passwords and update them periodically.

Immediately notify us of any suspected unauthorized access or security breach involving their account.

Log out of their accounts when using shared or public devices.

Keep their contact information current to receive important security notifications.

5. Payment Security

We do not directly store complete credit card information on our servers. Payment processing is handled through secure third-party payment processors that comply with Payment Card Industry Data Security Standards. Financial transactions are encrypted and processed through secure channels.

6. Third-Party Services

We may utilize third-party service providers to support our operations. These providers are selected based on their security capabilities and are contractually required to implement appropriate safeguards. We maintain oversight of third-party security practices through regular reviews and assessments.

We are not responsible for the security practices of external websites or services linked from our platform. Users should review the security policies of any third-party sites they visit.

7. Vulnerability Disclosure

We welcome reports of security vulnerabilities from security researchers and users. If you discover a potential security issue, please report it to us at [email protected].

When reporting vulnerabilities, please provide:

A detailed description of the vulnerability and its potential impact.

Steps to reproduce the issue.

Any relevant technical details or proof-of-concept information.

We request that you refrain from publicly disclosing the vulnerability until we have had reasonable time to investigate and address the issue.

8. Security Incident Response

8.1 Incident Detection and Response

In the event of a security incident that may compromise user data, we will:

Investigate the incident promptly to determine its scope and impact.

Take immediate steps to contain and remediate the incident.

Assess what information may have been affected.

Notify affected users in accordance with applicable requirements and best practices.

Implement measures to prevent similar incidents in the future.

8.2 User Notification

If we determine that a security incident has resulted in unauthorized access to or disclosure of your personal information, we will notify you through the contact information associated with your account or through prominent notice on our platform.

9. Data Retention and Deletion

We retain user data only as long as necessary to provide our services and fulfill the purposes outlined in our Privacy Policy. When data is no longer needed, it is securely deleted or anonymized using methods that prevent recovery or reconstruction.

Users may request deletion of their account and associated data subject to our retention obligations and legitimate business requirements.

10. Physical Security

Our office facilities implement physical security controls including restricted access, visitor management procedures, and secure disposal of sensitive materials. Equipment containing user data is physically secured and properly decommissioned when no longer in use.

11. Application Security

We follow secure development practices including:

Security considerations integrated into the software development lifecycle.

Code reviews and testing to identify potential vulnerabilities.

Regular updates and patches to address known security issues.

Input validation and output encoding to prevent common attack vectors.

Protection against common web application vulnerabilities such as injection attacks, cross-site scripting, and cross-site request forgery.

12. Limitations

While we implement comprehensive security measures, no system can be completely secure. We cannot guarantee absolute security of information transmitted to or stored on our systems. Users acknowledge that they provide information at their own risk.

We are not responsible for security breaches resulting from:

User actions such as sharing passwords or falling victim to phishing attacks.

Vulnerabilities in user devices or networks.

Circumstances beyond our reasonable control.

13. Updates to This Policy

We may update this Security Policy periodically to reflect changes in our practices, technologies, or legal requirements. The date of the last update is indicated at the top of this document. Continued use of our services after changes become effective constitutes acceptance of the updated policy.

Material changes to this policy will be communicated through notice on our platform or direct notification to users.

14. Contact Information

For questions, concerns, or reports regarding security matters, please contact us:

Email: [email protected]

Phone: +1 905 684 5478

Address: 415 Victory St, Windsor, ON N9J 1V8, Canada

This Security Policy is effective as of the last updated date and applies to all users of the Domain platform.

We Value Your Privacy

We use cookies to improve your experience on our platform. Some cookies are essential for site functionality, while others help us understand how you use our services and improve our content. You can manage your preferences below.

Cookie Preferences

Marketing Cookies
Analytics Cookies
Functional Cookies