Domain Logo

Domain

Security Policy

Last Updated: May 27, 2025

Domain is committed to protecting the security and integrity of your personal information and data. This Security Policy outlines the measures we implement to safeguard your information across our online learning platform.

1. Information Security Overview

We recognize that security is fundamental to maintaining your trust. Our security framework is designed to protect against unauthorized access, disclosure, alteration, and destruction of information we collect and store.

1.1 Security Principles

Our approach to security is guided by the following core principles:

  • Confidentiality: Ensuring information is accessible only to authorized individuals
  • Integrity: Maintaining accuracy and completeness of data
  • Availability: Ensuring authorized users have reliable access when needed
  • Accountability: Maintaining comprehensive audit trails and monitoring

2. Technical Security Measures

2.1 Encryption and Data Protection

We employ industry-standard encryption protocols to protect data both in transit and at rest:

  • TLS 1.2 or higher encryption for all data transmitted between your device and our servers
  • Encryption of sensitive data stored in our databases using AES-256 or equivalent standards
  • Secure encryption key management with regular rotation procedures
  • End-to-end encryption for sensitive communications where applicable

2.2 Network Security

Our network infrastructure includes multiple layers of protection:

  • Firewall systems to monitor and control incoming and outgoing network traffic
  • Intrusion detection and prevention systems to identify suspicious activities
  • Regular security scanning and vulnerability assessments
  • DDoS mitigation measures to ensure service availability
  • Network segmentation to isolate critical systems and data

2.3 Application Security

Our development and deployment practices incorporate security at every stage:

  • Secure coding practices following OWASP guidelines
  • Regular code reviews with security-focused analysis
  • Automated security testing integrated into our development pipeline
  • Third-party security audits and penetration testing
  • Input validation and sanitization to prevent injection attacks
  • Protection against cross-site scripting and cross-site request forgery

3. Access Controls and Authentication

3.1 User Authentication

We implement robust authentication mechanisms to verify user identities:

  • Strong password requirements with complexity standards
  • Multi-factor authentication options for enhanced account security
  • Account lockout policies after multiple failed login attempts
  • Secure password recovery processes with identity verification
  • Session management with automatic timeout after periods of inactivity

3.2 Internal Access Controls

Access to your information by our personnel is strictly controlled:

  • Role-based access control limiting access to necessary information only
  • Principle of least privilege applied to all system access
  • Mandatory access reviews and recertification procedures
  • Comprehensive logging of all access to sensitive data
  • Immediate revocation of access upon employment termination

4. Data Storage and Infrastructure Security

4.1 Physical Security

Our data centers and facilities maintain rigorous physical security measures:

  • 24/7 monitoring and surveillance systems
  • Restricted access with biometric authentication and security personnel
  • Environmental controls for temperature, humidity, and fire suppression
  • Redundant power supplies and backup systems
  • Secure disposal procedures for hardware containing sensitive data

4.2 Cloud Infrastructure Security

When utilizing cloud service providers, we ensure they meet stringent security standards:

  • Selection of providers with recognized security certifications
  • Regular security assessments of third-party infrastructure
  • Contractual security requirements and service level agreements
  • Data residency controls and geographic backup locations

5. Data Backup and Business Continuity

5.1 Backup Procedures

We maintain comprehensive backup systems to protect against data loss:

  • Regular automated backups of all critical data and systems
  • Encrypted backup storage in geographically distributed locations
  • Regular testing of backup restoration procedures
  • Retention policies aligned with legal and operational requirements

5.2 Disaster Recovery and Business Continuity

Our continuity planning ensures service availability during adverse events:

  • Documented disaster recovery plans with defined recovery objectives
  • Redundant systems and failover capabilities
  • Regular testing and updating of continuity procedures
  • Incident response team with clear roles and responsibilities

6. Security Monitoring and Incident Response

6.1 Continuous Monitoring

We maintain ongoing surveillance of our systems and networks:

  • Real-time monitoring of system logs and security events
  • Automated alerting for suspicious activities or anomalies
  • Regular security metric reporting and analysis
  • Threat intelligence integration to identify emerging risks

6.2 Incident Response

In the event of a security incident, we follow established protocols:

  • Immediate containment measures to limit potential impact
  • Thorough investigation to determine scope and cause
  • Remediation actions to address vulnerabilities
  • Notification procedures in accordance with applicable requirements
  • Post-incident review and implementation of preventive measures

7. Vendor and Third-Party Security

7.1 Third-Party Risk Management

We carefully evaluate and monitor security practices of external parties:

  • Security assessments prior to vendor engagement
  • Contractual security requirements and compliance obligations
  • Regular audits of third-party security controls
  • Limited data sharing based on necessity and purpose
  • Secure data transmission protocols with external partners

8. Employee Security and Training

8.1 Personnel Security

Our team members are integral to maintaining security:

  • Background verification processes for employees with access to sensitive data
  • Signed confidentiality and security agreements
  • Clear security policies and acceptable use guidelines
  • Regular security awareness training and education
  • Simulated phishing exercises and security drills

9. User Responsibilities and Best Practices

9.1 Account Security

We encourage users to take proactive steps to protect their accounts:

  • Create strong, unique passwords and update them regularly
  • Enable multi-factor authentication when available
  • Do not share account credentials with others
  • Log out of your account when using shared devices
  • Report suspicious activities or potential security concerns immediately

9.2 Safe Usage Guidelines

To maintain security while using our platform:

  • Keep your devices and browsers updated with latest security patches
  • Use secure, trusted networks when accessing sensitive information
  • Be cautious of phishing attempts and verify sender authenticity
  • Review account activity regularly for unauthorized access
  • Contact us immediately if you suspect your account has been compromised

10. Compliance and Certifications

10.1 Security Standards Compliance

We align our security practices with recognized industry standards and frameworks:

  • Regular security audits and assessments
  • Adherence to applicable data protection regulations
  • Implementation of security best practices and guidelines
  • Continuous improvement based on evolving security landscape

11. Data Retention and Secure Deletion

11.1 Retention Practices

We retain data only as long as necessary for legitimate purposes:

  • Defined retention periods based on data type and purpose
  • Automated deletion processes for expired data
  • Secure archival of data requiring longer retention

11.2 Secure Deletion

When data is no longer needed, we ensure complete removal:

  • Data sanitization procedures that prevent recovery
  • Secure destruction of physical media
  • Verification of deletion completion
  • Documentation of disposal activities

12. Privacy and Security Integration

Security and privacy are closely interconnected in our operations. Our security measures are designed to support and enforce the privacy commitments outlined in our Privacy Policy. We implement technical and organizational safeguards that ensure your personal information is processed securely and in accordance with your privacy rights.

13. Vulnerability Disclosure and Reporting

13.1 Responsible Disclosure

We welcome and encourage responsible disclosure of security vulnerabilities:

  • Dedicated channel for reporting potential security issues
  • Acknowledgment of vulnerability reports within a reasonable timeframe
  • Coordinated disclosure process to address identified issues
  • Recognition of security researchers who assist in improving our security

13.2 Reporting Security Concerns

If you discover a potential security vulnerability or have security-related concerns, please contact us at:

Email: [email protected]

Please provide detailed information about the potential issue to help us investigate and address it promptly.

14. Security Updates and Maintenance

14.1 System Updates

We maintain current security posture through regular updates:

  • Timely application of security patches and updates
  • Scheduled maintenance windows for critical updates
  • Testing procedures before deploying updates to production
  • Monitoring for newly disclosed vulnerabilities

14.2 Security Policy Reviews

This Security Policy is reviewed and updated periodically to reflect:

  • Changes in our security practices and technologies
  • Evolving threat landscape and security requirements
  • Feedback from security assessments and audits
  • Regulatory changes and industry best practices

15. Limitations and Disclaimers

While we implement comprehensive security measures, we cannot guarantee absolute security. Users should be aware that:

  • No system is completely immune to security threats
  • Internet transmission carries inherent risks
  • Users share responsibility for protecting their account credentials
  • Security effectiveness depends partly on user compliance with best practices

We are committed to maintaining reasonable and appropriate security measures and will continue to enhance our security posture in response to emerging threats and technologies.

16. Contact Information

For questions, concerns, or additional information about our security practices, please contact us:

Domain
4678 E River East Side Rd
New Glasgow, NS B2H 5C5, Canada
Phone: +14165653354
Email: [email protected]

This Security Policy is effective as of the last updated date shown above. We reserve the right to modify this policy at any time. Material changes will be communicated through appropriate channels.

Cookie Settings

We use cookies to enhance your learning experience and analyze site usage. Choose your preferences below.