Security Policy

Last Updated: November 6, 2025

At Domain, we are committed to protecting the security and integrity of your personal information and our educational platform. This Security Policy outlines the measures we implement to safeguard your data and maintain a secure learning environment.

1. Information Security Framework

We maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of all data processed through our platform.

1.1 Security Standards

Our security practices are aligned with industry-recognized standards and best practices, including:

• Regular security assessments and audits
• Continuous monitoring of security threats
• Implementation of technical and organizational safeguards
• Adherence to data protection regulations

1.2 Security Governance

We have established a security governance structure that includes:

• Designated security personnel responsible for oversight
• Regular review and update of security policies
• Security awareness training for all personnel
• Incident response and management procedures

2. Data Protection Measures

2.1 Encryption

We employ encryption technologies to protect data both in transit and at rest:

• Data in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS protocols
• Data at Rest: Sensitive data stored on our systems is encrypted using strong encryption algorithms
• Database Encryption: Personal information and educational records are stored in encrypted databases

2.2 Access Controls

We implement strict access control measures including:

• Role-based access control limiting data access to authorized personnel only
• Multi-factor authentication for administrative access
• Regular review and revocation of access privileges
• Logging and monitoring of all access to sensitive data

2.3 Data Minimization

We collect and retain only the data necessary to provide our educational services and comply with legal obligations. Data is regularly reviewed and securely deleted when no longer needed.

3. Infrastructure Security

3.1 Network Security

Our network infrastructure is protected through:

• Firewalls and intrusion detection systems
• Network segmentation to isolate sensitive systems
• Regular vulnerability scanning and penetration testing
• DDoS protection and mitigation services

3.2 Server Security

Our servers are secured using:

• Hardened operating systems with minimal necessary services
• Regular security patches and updates
• Automated backup systems with encrypted storage
• Physical security controls at data center facilities

3.3 Cloud Security

When utilizing cloud service providers, we ensure they maintain appropriate security certifications and comply with our security requirements through:

• Careful vendor selection and due diligence
• Contractual security obligations
• Regular security audits of third-party providers

4. Application Security

4.1 Secure Development

Our development practices incorporate security throughout the software lifecycle:

• Security requirements integrated into design specifications
• Secure coding standards and guidelines
• Code review processes including security analysis
• Regular security testing of applications

4.2 Vulnerability Management

We maintain an active vulnerability management program:

• Continuous monitoring for security vulnerabilities
• Prompt patching of identified vulnerabilities
• Regular security assessments and penetration testing
• Bug bounty program encouraging responsible disclosure

4.3 Session Management

User sessions are protected through:

• Secure session token generation and management
• Automatic session timeout after periods of inactivity
• Secure cookie attributes preventing unauthorized access
• Protection against session hijacking and fixation attacks

5. User Account Security

5.1 Authentication

We implement strong authentication mechanisms:

• Password complexity requirements
• Secure password storage using industry-standard hashing
• Optional multi-factor authentication for enhanced security
• Account lockout policies after repeated failed login attempts

5.2 User Responsibilities

Users are responsible for:

• Maintaining the confidentiality of their account credentials
• Using strong, unique passwords
• Enabling multi-factor authentication when available
• Reporting any suspected unauthorized account access
• Logging out from shared or public devices

5.3 Password Reset Procedures

Our password reset process includes security measures to verify user identity and prevent unauthorized account access.

6. Payment Security

We take payment security seriously and implement the following measures:

• Use of PCI-DSS compliant payment processors
• No storage of complete payment card information on our servers
• Tokenization of payment information
• Encrypted transmission of all payment data
• Regular security audits of payment processes

7. Platform Security Features

7.1 Live Session Security

Online learning sessions are protected through:

• Encrypted video and audio streams
• Access controls limiting participation to enrolled students
• Instructor controls for managing participants
• Recording controls with proper consent mechanisms

7.2 Content Security

Educational content and materials are protected by:

• Access restrictions based on enrollment status
• Digital rights management for proprietary content
• Watermarking of sensitive materials where appropriate
• Monitoring for unauthorized sharing or distribution

7.3 Communication Security

Platform communications including messaging and notifications are secured through encryption and access controls to ensure privacy between instructors and students.

8. Employee Security

8.1 Background Checks

Where legally permissible, we conduct appropriate background checks on employees with access to sensitive data or systems.

8.2 Training and Awareness

All employees receive:

• Security awareness training upon hiring
• Regular updates on security policies and procedures
• Phishing and social engineering awareness training
• Role-specific security training as appropriate

8.3 Confidentiality Obligations

Employees are bound by confidentiality agreements and policies prohibiting unauthorized disclosure or use of sensitive information.

9. Incident Response

9.1 Incident Management

We maintain an incident response plan that includes:

• Procedures for detecting and reporting security incidents
• Designated incident response team
• Investigation and containment procedures
• Communication protocols for affected parties
• Post-incident analysis and remediation

9.2 Breach Notification

In the event of a data breach affecting personal information, we will:

• Promptly investigate the incident
• Notify affected users in accordance with applicable laws
• Provide information about the breach and recommended actions
• Report to relevant regulatory authorities as required
• Implement measures to prevent similar incidents

9.3 User Reporting

Users who discover security vulnerabilities or suspect security incidents should report them immediately to [email protected].

10. Third-Party Security

10.1 Vendor Management

We carefully evaluate third-party service providers and require them to maintain appropriate security standards through:

• Security assessments during vendor selection
• Contractual security and privacy obligations
• Regular review of vendor security practices
• Data processing agreements where applicable

10.2 Integration Security

Third-party integrations are implemented with security controls including:

• API authentication and authorization
• Data minimization in external transfers
• Encryption of data shared with third parties
• Regular review of integration permissions

11. Business Continuity

11.1 Backup and Recovery

We maintain regular backup procedures including:

• Automated daily backups of critical data
• Encrypted backup storage
• Regular testing of backup restoration procedures
• Geographically distributed backup locations

11.2 Disaster Recovery

Our disaster recovery plan ensures continuity of services through:

• Documented recovery procedures
• Redundant systems and infrastructure
• Regular disaster recovery testing
• Defined recovery time objectives

12. Monitoring and Auditing

12.1 Security Monitoring

We continuously monitor our systems for security threats through:

• Automated security event logging
• Real-time threat detection systems
• Regular log analysis and review
• Alerting mechanisms for suspicious activities

12.2 Security Audits

Regular security audits are conducted including:

• Internal security assessments
• Third-party security audits
• Penetration testing
• Compliance audits as required

13. Privacy and Data Protection

This Security Policy works in conjunction with our Privacy Policy to ensure comprehensive protection of user information. Please refer to our Privacy Policy for detailed information about data collection, use, and privacy rights.

14. Compliance

We are committed to complying with applicable data protection and security regulations. Our security measures are designed to meet or exceed legal requirements in the jurisdictions where we operate.

15. Limitations

While we implement robust security measures, no system can be completely secure. We cannot guarantee absolute security and are not responsible for:

• Unauthorized access resulting from user disclosure of credentials
• Security breaches caused by factors beyond our reasonable control
• Actions of third parties outside our network
• User failure to implement recommended security practices

16. Updates to This Policy

We may update this Security Policy periodically to reflect changes in our security practices or legal requirements. Material changes will be communicated through:

• Notice on our platform
• Email notification to registered users
• Update of the "Last Updated" date

Continued use of our services after policy updates constitutes acceptance of the revised policy.

17. Contact Information

For security-related questions, concerns, or to report security issues, please contact us:

Domain
33344 2nd Ave, Mission, BC V2V 1K3, Canada
Email: [email protected]
Phone: +1 905 826 4141
WhatsApp: +1 905 826 4141

18. Security Best Practices for Users

We recommend users follow these security best practices:

• Use strong, unique passwords for your account
• Enable multi-factor authentication if available
• Keep your contact information up to date
• Use secure, private internet connections for accessing the platform
• Keep your devices and browsers updated
• Be cautious of phishing attempts and suspicious communications
• Log out after completing your session, especially on shared devices
• Report any suspicious activity or security concerns immediately
• Review your account activity regularly
• Do not share your account credentials with others

By using our platform, you acknowledge that you have read and understood this Security Policy and agree to our security practices and your security responsibilities.