Security Policy
Last Updated: June 1, 2025
At Domain, we are committed to protecting the security and integrity of your personal information and data. This Security Policy outlines the measures we implement to safeguard your information and maintain the confidentiality, integrity, and availability of our platform.
1. Information Security Framework
1.1 Security Commitment
We maintain a comprehensive information security program designed to protect your data from unauthorized access, disclosure, alteration, and destruction. Our security practices are regularly reviewed and updated to address emerging threats and vulnerabilities.
1.2 Security Principles
Our security approach is built on the following core principles:
Confidentiality: Ensuring that information is accessible only to authorized individuals and systems.
Integrity: Maintaining the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and resources when needed.
Privacy: Respecting and protecting the privacy rights of all users.
2. Technical Security Measures
2.1 Data Encryption
We employ industry-standard encryption protocols to protect data both in transit and at rest. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) protocols. Sensitive data stored in our databases is encrypted using advanced encryption algorithms.
2.2 Access Controls
We implement strict access control mechanisms to ensure that only authorized personnel can access sensitive systems and data. Access rights are granted based on the principle of least privilege, meaning users receive only the minimum level of access necessary to perform their job functions.
2.3 Authentication and Authorization
Our platform utilizes secure authentication mechanisms to verify user identities. We support strong password requirements and encourage the use of multi-factor authentication for enhanced account security. Session management protocols ensure that user sessions are secure and properly terminated.
2.4 Network Security
We maintain a robust network security infrastructure, including firewalls, intrusion detection systems, and intrusion prevention systems. Our network architecture is designed to segment and isolate sensitive systems, reducing the potential impact of security incidents.
3. Infrastructure Security
3.1 Hosting and Data Centers
Our services are hosted in secure data centers that maintain physical security controls, environmental controls, and redundant power and network connectivity. These facilities are monitored continuously and comply with recognized security standards.
3.2 System Monitoring
We employ automated monitoring systems to detect and respond to security threats in real time. Our security operations team monitors system logs, network traffic, and security events to identify and address potential security issues promptly.
3.3 Backup and Disaster Recovery
Regular backups of critical data are performed and stored securely in geographically distributed locations. We maintain comprehensive disaster recovery and business continuity plans to ensure service availability in the event of unexpected disruptions.
4. Application Security
4.1 Secure Development Practices
Our development team follows secure coding standards and best practices throughout the software development lifecycle. We conduct code reviews, security testing, and vulnerability assessments to identify and remediate security weaknesses before deployment.
4.2 Vulnerability Management
We maintain an active vulnerability management program that includes regular security assessments, penetration testing, and vulnerability scanning. Identified vulnerabilities are prioritized and remediated based on their severity and potential impact.
4.3 Third-Party Security
We carefully evaluate the security practices of third-party service providers and partners. Contracts with third parties include appropriate security requirements and data protection obligations.
5. Data Protection Measures
5.1 Data Minimization
We collect and retain only the data necessary to provide our services and fulfill our legitimate business purposes. Data retention periods are established based on legal requirements and business needs.
5.2 Data Segregation
User data is logically segregated to prevent unauthorized access between different user accounts and organizations. We implement controls to ensure data isolation and prevent data leakage.
5.3 Secure Data Disposal
When data is no longer needed, we employ secure deletion methods to ensure that information cannot be recovered or reconstructed. Physical media containing sensitive information is destroyed in accordance with industry standards.
6. Personnel Security
6.1 Background Checks
We conduct appropriate background verification for employees and contractors who have access to sensitive systems and data, in accordance with applicable laws and regulations.
6.2 Security Training
All personnel receive regular security awareness training to understand their security responsibilities and recognize common security threats such as phishing, social engineering, and malware.
6.3 Confidentiality Obligations
Employees and contractors are bound by confidentiality agreements that require them to protect sensitive information and prevent unauthorized disclosure.
7. Incident Response
7.1 Incident Management
We maintain a formal incident response plan that defines procedures for detecting, responding to, and recovering from security incidents. Our incident response team is trained to handle various types of security events.
7.2 Incident Notification
In the event of a security incident that affects your personal information, we will notify affected users in accordance with applicable legal requirements. Notifications will include information about the nature of the incident and recommended protective measures.
7.3 Post-Incident Analysis
Following security incidents, we conduct thorough investigations to determine root causes and implement corrective actions to prevent similar incidents from occurring in the future.
8. User Security Responsibilities
8.1 Account Security
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You should choose strong, unique passwords and never share your login information with others.
8.2 Reporting Security Issues
If you discover or suspect a security vulnerability or incident involving our platform, please report it to us immediately at [email protected]. We appreciate responsible disclosure and will work with you to address legitimate security concerns.
8.3 Secure Usage
We recommend that you keep your devices and software up to date with the latest security patches, use reputable antivirus software, and exercise caution when clicking on links or downloading attachments from unknown sources.
9. Compliance and Certifications
9.1 Regulatory Compliance
We strive to comply with applicable data protection and privacy regulations. Our security practices are designed to meet or exceed industry standards and legal requirements.
9.2 Security Audits
We conduct regular internal and external security audits to assess the effectiveness of our security controls and identify areas for improvement. Audit findings are reviewed and addressed by management.
9.3 Continuous Improvement
Security is an ongoing process. We continuously monitor emerging threats, evaluate new security technologies, and update our security practices to maintain effective protection of your information.
10. Third-Party Links and Services
Our platform may contain links to third-party websites or integrate with third-party services. We are not responsible for the security practices of these external sites and services. We encourage you to review the security and privacy policies of any third-party services you access.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We implement appropriate safeguards to ensure that your data receives adequate protection regardless of where it is processed.
12. Children's Security
We take additional precautions to protect the security and privacy of children's information. If we become aware that we have collected information from children without appropriate parental consent, we will take steps to delete such information.
13. Changes to This Security Policy
We may update this Security Policy from time to time to reflect changes in our security practices, technology, or legal requirements. When we make significant changes, we will notify users through appropriate channels and update the "Last Updated" date at the top of this policy.
Your continued use of our platform after changes to this Security Policy constitutes acceptance of the updated policy.
14. Security Limitations
While we implement robust security measures, no security system is impenetrable. We cannot guarantee absolute security of information transmitted through or stored on our systems. You acknowledge and accept the inherent security risks of providing information and conducting transactions online.
15. Contact Information
If you have questions, concerns, or comments about our security practices, please contact us:
Domain
459 Waterloo Ave, Penticton, BC V2A 7N1, Canada
Phone: +1 519 941 3381
Email: [email protected]
This Security Policy demonstrates our commitment to protecting your information and maintaining the trust you place in us. We encourage you to review this policy periodically and to contact us with any questions or concerns.