Security Policy
Last Updated: March 1, 2026
This Security Policy describes the technical and organizational measures Domain ("we," "us," or "our") implements to protect the confidentiality, integrity, and availability of data processed through denaforub.biz. By using our platform, you acknowledge the practices described herein.
1. Scope
This policy applies to all systems, infrastructure, personnel, and third-party service providers involved in the collection, storage, processing, and transmission of data through our webinar platform and associated services.
2. Data Protection Principles
We apply the following core principles when handling data:
- Minimisation: We collect only the data necessary to deliver our services.
- Purpose Limitation: Data is used solely for the purposes for which it was collected.
- Accuracy: We maintain processes to keep data accurate and up to date.
- Storage Limitation: Data is retained only for as long as operationally or legally required.
- Integrity and Confidentiality: Appropriate controls protect data against unauthorised access, loss, or destruction.
3. Infrastructure Security
3.1 Hosting and Network
- Services are hosted on enterprise-grade cloud infrastructure with physical access controls, redundancy, and continuous availability monitoring.
- Network traffic is segmented using firewalls and access control lists.
- Intrusion detection and prevention systems monitor for anomalous activity.
- Distributed denial-of-service (DDoS) mitigation controls are in place.
3.2 Data Encryption
- All data in transit is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256 or equivalent industry-standard algorithms.
- Encryption keys are managed through a dedicated key management system with access logging.
3.3 Availability and Redundancy
- Critical systems operate with redundant components and failover capabilities.
- Regular backups are performed, encrypted, and stored in geographically separate locations.
- Backup restoration is tested periodically to verify integrity and recovery time.
4. Access Controls
4.1 Principle of Least Privilege
Access to production systems and customer data is granted on a need-to-know basis. Permissions are reviewed regularly and revoked promptly upon role change or termination.
4.2 Authentication
- All internal systems require strong password policies.
- Multi-factor authentication (MFA) is enforced for administrative and privileged access.
- Session tokens expire after periods of inactivity.
4.3 Audit Logging
Access to sensitive systems and data is logged with timestamps, user identifiers, and action details. Logs are retained for a minimum of 12 months and protected against tampering.
5. Application Security
5.1 Secure Development
- Security is integrated throughout the software development lifecycle (SDLC).
- Code is reviewed for security vulnerabilities before deployment.
- Third-party dependencies are monitored for known vulnerabilities and updated promptly.
5.2 Vulnerability Management
- Regular vulnerability scans and penetration tests are conducted on production systems.
- Critical vulnerabilities are remediated within defined timelines based on severity classification.
- A responsible disclosure process is available for external security researchers.
5.3 Input Validation and Output Encoding
All user-supplied input is validated server-side. Output encoding is applied to prevent cross-site scripting (XSS) and injection attacks. Protection against SQL injection, CSRF, and other OWASP Top 10 threats is built into the application layer.
6. Organisational Security
6.1 Personnel
- Staff with access to sensitive systems undergo background verification appropriate to their role.
- All personnel complete security awareness training upon onboarding and annually thereafter.
- Confidentiality obligations are embedded in employment and contractor agreements.
6.2 Device and Endpoint Security
- Company-managed devices are subject to endpoint protection, full-disk encryption, and remote wipe capability.
- Patch management policies ensure timely application of operating system and software updates.
6.3 Physical Security
Offices and facilities containing sensitive systems or documents are protected by controlled access mechanisms. Visitors are logged and supervised. Paper records containing sensitive data are securely disposed of.
7. Third-Party and Vendor Management
All third-party service providers who access, store, or process data on our behalf are assessed for security posture prior to engagement. Data processing agreements are in place requiring vendors to maintain security standards consistent with this policy. Vendor compliance is reviewed periodically.
8. Incident Response
8.1 Detection and Response
We maintain a documented incident response plan covering detection, containment, eradication, recovery, and post-incident review. Security events are triaged by severity, and a dedicated response team is activated for confirmed incidents.
8.2 Notification
In the event of a confirmed security incident affecting your data, we will notify affected users without undue delay, providing details of the nature of the incident, data involved, likely consequences, and remediation measures taken.
8.3 Post-Incident Review
Every significant incident triggers a root-cause analysis and a structured review to prevent recurrence. Findings are used to update controls, procedures, and training.
9. Business Continuity and Disaster Recovery
We maintain business continuity and disaster recovery plans that are tested at least annually. Recovery time objectives (RTO) and recovery point objectives (RPO) are defined for critical services. These plans are reviewed and updated following significant infrastructure changes or incidents.
10. Monitoring and Logging
Continuous monitoring covers network traffic, system performance, application behaviour, and security events. Automated alerting is configured for anomalous patterns. Security information and event management (SIEM) tooling aggregates and correlates logs across systems to enable rapid detection and investigation.
11. Compliance and Certifications
We align our security practices with recognised frameworks and standards. Our security program is reviewed internally on a scheduled basis. Where applicable, we pursue or maintain third-party assessments and certifications to validate our controls against established benchmarks.
12. Responsible Disclosure
If you identify a potential security vulnerability in our platform, we encourage responsible disclosure. Please report findings to [email protected] with sufficient detail to reproduce the issue. We commit to acknowledging receipt promptly, investigating reported issues in good faith, and coordinating remediation before any public disclosure.
13. Changes to This Policy
We may update this Security Policy to reflect changes in our practices, technology, or legal requirements. The date at the top of this page indicates when the policy was last revised. Continued use of our services following a material change constitutes acceptance of the updated policy.
14. Contact
For questions, concerns, or requests related to this Security Policy, please contact us:
| Channel | Details |
|---|---|
| Email | [email protected] |
| Phone | +1 604 533 5657 |
| Mailing Address | 910 Rue Côté, Rouyn-Noranda, QC J9X 3S5, Canada |