Domain

Domain

Security Policy

Last Updated: June 24, 2025

Overview

Domain is committed to protecting the security and integrity of your personal information. This Security Policy outlines the measures we implement to safeguard data collected through our platform and services.

Information Security Framework

We maintain a comprehensive information security program designed to protect against unauthorized access, disclosure, alteration, and destruction of data. Our security practices are regularly reviewed and updated to address emerging threats and vulnerabilities.

Technical Safeguards

Our technical security measures include:

  • Industry-standard encryption protocols for data transmission using TLS technology
  • Encrypted storage of sensitive information at rest
  • Secure authentication mechanisms and password protection requirements
  • Regular security assessments and vulnerability scanning
  • Network firewalls and intrusion detection systems
  • Automated backup systems with secure offsite storage

Administrative Safeguards

We enforce strict internal policies and procedures including:

  • Limited access to personal information on a need-to-know basis
  • Employee confidentiality agreements and security training
  • Background checks for personnel with access to sensitive data
  • Incident response and breach notification procedures
  • Regular security awareness training for all staff members

Physical Safeguards

Our physical security controls include:

  • Secure data center facilities with restricted access controls
  • Environmental controls to protect hardware infrastructure
  • Surveillance and monitoring systems
  • Secure disposal procedures for hardware containing sensitive data

Data Encryption

All data transmitted between your device and our servers is encrypted using secure socket layer technology. Personal information stored in our databases is encrypted using advanced encryption standards to prevent unauthorized access.

Access Control

We implement role-based access controls to ensure that only authorized personnel can access specific types of information. Multi-factor authentication is required for administrative access to sensitive systems and data.

Third-Party Security

We carefully select third-party service providers who demonstrate appropriate security practices. All vendors with access to personal information are required to:

  • Maintain security standards comparable to our own
  • Execute data processing agreements that include security obligations
  • Undergo periodic security assessments
  • Notify us promptly of any security incidents

Account Security

You play an important role in protecting your account. We recommend that you:

  • Create strong, unique passwords for your account
  • Never share your login credentials with others
  • Enable multi-factor authentication when available
  • Log out of your account when using shared devices
  • Monitor your account for suspicious activity
  • Report any security concerns immediately to [email protected]

Payment Security

All payment transactions are processed through secure, PCI-DSS compliant payment processors. We do not store complete credit card information on our servers. Payment data is encrypted and transmitted directly to our payment partners using tokenization technology.

Monitoring and Testing

We continuously monitor our systems for potential security threats and vulnerabilities. Our security program includes:

  • Real-time monitoring of network traffic and system logs
  • Regular penetration testing by qualified security professionals
  • Automated vulnerability scanning and patch management
  • Security code reviews for application updates

Security Incident Response

In the event of a security incident that affects personal information, we will:

  • Promptly investigate and contain the incident
  • Assess the scope and impact of the breach
  • Notify affected individuals in accordance with applicable laws
  • Take corrective action to prevent similar incidents
  • Cooperate with law enforcement and regulatory authorities as required

Data Retention and Disposal

We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by law. When data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent recovery or reconstruction.

Employee Training

All employees receive regular training on security best practices, data protection requirements, and their responsibilities for safeguarding personal information. Specialized training is provided to personnel handling sensitive data or maintaining security systems.

Security Updates

We regularly update our security measures to address new threats and incorporate technological advances. Software and systems are kept current with security patches and updates applied in a timely manner.

Limitations

While we implement robust security measures, no system can guarantee absolute security. We cannot ensure or warrant the security of any information you transmit to us. You acknowledge that you provide information at your own risk.

Your Responsibilities

Security is a shared responsibility. By using our services, you agree to:

  • Maintain the confidentiality of your account credentials
  • Use security features we provide, including multi-factor authentication
  • Keep your contact information current for security notifications
  • Promptly report suspected security violations or unauthorized access
  • Use our services in compliance with applicable laws and our terms of service

Reporting Security Concerns

If you discover a security vulnerability or have concerns about the security of our services, please contact us immediately at [email protected] or call +1 604 308 9111. We appreciate responsible disclosure and will investigate all legitimate reports.

Policy Updates

We may update this Security Policy periodically to reflect changes in our security practices or legal requirements. The date of the most recent revision will be indicated at the top of this page. Continued use of our services after changes become effective constitutes acceptance of the updated policy.

Compliance

Our security practices are designed to comply with applicable privacy and data protection laws. We regularly review our compliance posture and adjust our security measures as needed to meet evolving regulatory requirements.

Contact Information

For questions or concerns about this Security Policy or our security practices, please contact us:

Domain
1020 103 Ave, Dawson Creek, BC V1G 2G5, Canada
Email: [email protected]
Phone: +1 604 308 9111

We use cookies to enhance your experience on our platform. You can accept all cookies or customize your preferences.
Essential cookies required for site functionality
Enables enhanced features and personalization
Includes analytics and performance tracking