Security Policy
Last Updated: December 3, 2025
Domain ("we," "us," or "our") is committed to protecting the security of our platform, infrastructure, and the data entrusted to us by users and participants. This Security Policy describes the technical and organizational measures we implement to safeguard information processed through domain.biz.
1. Scope
This policy applies to all systems, services, and processes operated by Domain, including the webinar platform, user accounts, communication tools, and supporting infrastructure. It covers all personal and organizational data collected and processed in connection with our services.
2. Infrastructure Security
2.1 Hosting and Network
Our services are hosted on enterprise-grade cloud infrastructure with physical and environmental controls including access restrictions, climate management, fire suppression, and continuous power supply. Network perimeters are protected by firewalls, intrusion detection systems, and traffic filtering mechanisms.
2.2 Data Transmission
All data transmitted between users and our platform is encrypted using Transport Layer Security (TLS 1.2 or higher). Unencrypted connections are automatically redirected to secure channels. We enforce HTTPS across all endpoints.
2.3 Data Storage
Data at rest is encrypted using industry-standard encryption algorithms. Storage systems are segmented and access is restricted to authorized processes and personnel only. Backup copies are encrypted and stored separately from primary systems.
3. Access Control
3.1 User Authentication
User accounts are protected by password-based authentication. Passwords are stored as salted cryptographic hashes and are never stored in plaintext. Users are encouraged to choose strong, unique passwords and to enable any available multi-factor authentication options.
3.2 Internal Access
Access to production systems and sensitive data by Domain personnel is governed by the principle of least privilege. Access rights are granted only as required for specific job functions and are reviewed and revoked upon role changes or termination. Multi-factor authentication is required for all internal system access.
3.3 Administrative Controls
Administrative access to platform infrastructure is restricted, logged, and audited. Privileged sessions are monitored, and all access events are recorded with timestamps for review.
4. Application Security
4.1 Secure Development Practices
Our development processes incorporate security reviews at each stage of the software lifecycle. Code changes undergo review before deployment. We apply security-focused testing including vulnerability scanning and dependency audits to identify and remediate known issues.
4.2 Common Vulnerability Protections
Our platform is designed to protect against common application security threats including but not limited to:
- SQL injection and other injection attacks
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- Insecure direct object references
- Session hijacking and fixation
4.3 Dependency Management
Third-party libraries and software components used in our platform are regularly reviewed and updated to address publicly disclosed vulnerabilities. Outdated or insecure dependencies are identified and replaced in a timely manner.
5. Monitoring and Incident Response
5.1 Continuous Monitoring
Our systems are subject to continuous monitoring for anomalous activity, unauthorized access attempts, and performance irregularities. Automated alerting systems notify our operations team of events that require investigation.
5.2 Incident Response
We maintain an internal incident response process for identifying, containing, and resolving security incidents. In the event of a confirmed security breach affecting user data, we will notify affected users and, where applicable, relevant authorities, in accordance with our obligations and within a reasonable timeframe.
5.3 Logging and Audit Trails
Security-relevant events are logged and retained for a defined period to support investigation and audit. Logs are protected from unauthorized modification and are accessible only to authorized personnel.
6. Physical Security
Physical access to data centre facilities used by our infrastructure providers is controlled through multi-layered security measures including badge access, biometric verification, security personnel, and video surveillance. Domain employees do not have unsupervised physical access to production hardware.
7. Third-Party Service Providers
We work with third-party vendors and service providers to deliver portions of our platform. These providers are evaluated for their security practices prior to engagement. Where applicable, contractual obligations require vendors to maintain security standards consistent with this policy and applicable data protection requirements.
8. Data Retention and Disposal
Data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required to meet legal and operational obligations. When data is no longer required, it is securely deleted or anonymized using methods that prevent recovery. Physical media containing sensitive data is destroyed using secure disposal procedures.
9. Employee Security Practices
All Domain personnel with access to user data or platform systems are subject to confidentiality obligations and receive security awareness training. Employees are required to follow internal security policies governing the handling of data, use of systems, and reporting of suspected security incidents.
10. Vulnerability Disclosure
If you believe you have identified a security vulnerability affecting our platform, we encourage responsible disclosure. Please report your findings to us by email at [email protected] with a description of the issue and steps to reproduce it. We will acknowledge receipt and work to investigate and address confirmed vulnerabilities in a timely manner. We ask that you refrain from publicly disclosing the issue until we have had a reasonable opportunity to respond.
11. Security of Communications
Communications sent to us by email or through our platform are transmitted over encrypted channels where supported. However, the security of email communications outside our control cannot be guaranteed. For sensitive matters, we recommend using the secure contact channels available within the platform.
12. Changes to This Policy
We may update this Security Policy from time to time to reflect changes in our practices, technology, or applicable requirements. When changes are made, the updated policy will be published on this page with a revised date. We encourage you to review this page periodically to stay informed about our security practices.
13. Contact Us
If you have questions or concerns regarding this Security Policy or our security practices, please contact us:
| Contact Method | Details |
|---|---|
| Email | [email protected] |
| Phone | +1 519 940 3008 |
| Mailing Address | 1166 5th line, Newtonville, ON L0A 1J0, Canada |
| Website | domain.biz |