Security Policy
Last Updated: April 15, 2025
This Security Policy describes the measures Domain takes to protect the confidentiality, integrity, and availability of information processed through its platform at lakumesbo.biz. By using our services, you acknowledge the practices described herein.
1. Scope
This policy applies to all systems, infrastructure, applications, and data managed by Domain, including information submitted by users, instructors, and administrators through the platform. It covers both technical and organizational security controls.
2. Data Protection Principles
Domain adheres to the following core principles when handling user data:
- Confidentiality: Access to data is restricted to authorized personnel and systems with a legitimate need.
- Integrity: Data is protected against unauthorized modification, corruption, or deletion.
- Availability: Systems are maintained to ensure reliable and consistent access for authorized users.
- Accountability: All access and changes to sensitive data are logged and auditable.
3. Infrastructure Security
3.1 Hosting and Environment
Platform services are hosted on infrastructure that implements physical access controls, redundant power systems, and environmental monitoring. Hosting facilities are operated by providers that maintain recognized security certifications.
3.2 Network Security
Network perimeters are protected by firewalls, intrusion detection systems, and traffic filtering mechanisms. Internal network segments are isolated based on sensitivity and function. Unnecessary ports and services are disabled by default.
3.3 System Hardening
All servers and operating environments are configured according to hardening baselines. Default credentials are changed, unused software components are removed, and configurations are reviewed periodically.
4. Application Security
4.1 Secure Development
Domain follows secure software development practices throughout the product lifecycle. This includes code review, dependency management, and testing for common vulnerability classes such as injection, cross-site scripting, and broken authentication.
4.2 Authentication
User authentication requires unique credentials. Support for multi-factor authentication is provided where applicable. Passwords are stored using strong one-way hashing algorithms and are never stored in plaintext.
4.3 Session Management
User sessions are issued with time-limited tokens. Sessions are invalidated upon logout and expire after a defined period of inactivity. Session identifiers are transmitted only over encrypted connections.
4.4 Input Validation and Output Encoding
All user-supplied input is validated server-side. Output is encoded appropriately to prevent injection-based attacks. File uploads are scanned and restricted by type and size.
5. Data Transmission Security
All data transmitted between users and Domain's platform is encrypted using Transport Layer Security (TLS). Connections using outdated or insecure protocol versions are rejected. HTTP requests are automatically redirected to HTTPS.
6. Data Storage and Retention
Data at rest is encrypted using industry-standard encryption algorithms. Storage systems are access-controlled and monitored. Data is retained only for as long as necessary to fulfil the purposes for which it was collected, in accordance with our Privacy Policy and applicable legal obligations.
7. Access Control
7.1 Principle of Least Privilege
Access to systems and data is granted on a least-privilege basis. Employees and contractors are provided only the permissions necessary to perform their assigned duties. Access rights are reviewed periodically and revoked upon role change or termination.
7.2 Administrative Access
Administrative access to production systems requires strong authentication and is logged. Remote administrative sessions are conducted only over secure, encrypted channels. Shared administrative accounts are not permitted.
7.3 Third-Party Access
Third-party vendors and service providers who require access to Domain's systems or data are subject to contractual security obligations. Their access is scoped, time-limited, and monitored.
8. Vulnerability Management
Domain conducts periodic vulnerability assessments of its infrastructure and applications. Identified vulnerabilities are prioritized based on severity and remediated within defined timeframes. Critical vulnerabilities are addressed on an expedited basis. Security patches are applied to systems and dependencies in a timely manner.
9. Security Monitoring and Logging
System events, authentication attempts, and administrative actions are logged and retained for security analysis. Logs are protected against unauthorized modification. Monitoring systems generate alerts for anomalous or suspicious activity. Alerts are reviewed by responsible personnel.
10. Incident Response
10.1 Detection and Containment
Domain maintains an incident response process for detecting, classifying, and containing security incidents. Designated personnel are responsible for coordinating the response to confirmed or suspected incidents.
10.2 Notification
In the event of a security incident that affects user data, Domain will notify affected users in accordance with its legal and contractual obligations. Notifications will include a description of the incident, the data involved, and the steps being taken.
10.3 Post-Incident Review
Following the resolution of a significant security incident, a post-incident review is conducted to identify root causes, assess the effectiveness of the response, and implement corrective measures to prevent recurrence.
11. Backup and Recovery
Critical data is backed up on a regular schedule. Backups are encrypted and stored in geographically separate locations. Restoration procedures are tested periodically to verify integrity and recovery time. Backup access is restricted to authorized personnel.
12. Physical Security
Physical access to facilities that house production systems is controlled through access authentication mechanisms. Unauthorized physical access is prevented and monitored. Equipment containing sensitive data is securely decommissioned prior to disposal.
13. Employee and Contractor Security
Personnel with access to platform systems and user data are required to complete security awareness training. Confidentiality obligations are established through employment or contractor agreements. Personnel are instructed to report suspected security incidents promptly.
14. Third-Party and Supply Chain Security
Domain evaluates the security posture of critical third-party software components and service providers. Open-source dependencies are monitored for known vulnerabilities. Vendor relationships involving access to sensitive data are governed by written data processing agreements.
15. Security Policy Review
This Security Policy is reviewed at least annually and updated as necessary to reflect changes in technology, threats, operations, or regulatory requirements. Significant changes will be communicated through the platform or via email.
16. Reporting Security Concerns
If you discover a potential security vulnerability or have concerns about the security of our platform, please contact us promptly. We are committed to investigating all credible reports and responding in a timely manner.
Security concerns may be directed to:
- Email: [email protected]
- Phone: +1 587 779 8787
- Address: 80 Great Lakes Dr, Brampton, ON L6R 2K7, Canada
Please do not disclose potential vulnerabilities publicly until Domain has had a reasonable opportunity to investigate and address them.
17. Limitations and User Responsibilities
While Domain implements substantial technical and organizational measures, no system can guarantee absolute security. Users are responsible for maintaining the confidentiality of their own login credentials, using up-to-date browsers and devices, and reporting any unauthorized account activity to Domain without undue delay.