Skip to main content
Domavia
Latest

Security

How Domavia protects your data with encryption, access controls, and infrastructure security.

Domavia uses multiple layers of protection to keep your data safe. For details on what data we collect and how we use it, see our Privacy Policy.

Encryption

  • Data in transit: TLS 1.3 in production deployments
  • Data at rest: AES-256 encryption for stored data
  • Documents: AES-256 encryption for sensitive documents at rest
  • Passwords: Bcrypt with salt (never stored in plain text)
  • Backups: All backups encrypted

Access controls

  • Authentication: Secure login with password requirements
  • Two-factor authentication: Optional 2FA for extra security
  • Session management: Automatic logout after inactivity
  • Role-based access: Least-privilege principle
  • Audit logging: All data access is tracked

Infrastructure

  • Hosting: Cloud-based infrastructure with regional data residency
  • Firewalls: Network-level protection
  • DDoS protection: Cloudflare
  • Security patches: Applied promptly

Application security

  • Input validation: Prevents injection attacks
  • CSRF protection: Token-based
  • XSS prevention: Output encoding
  • Security headers: HSTS, CSP, and more
  • Rate limiting: Prevents abuse

Backup and recovery

Domavia maintains backup and recovery procedures as part of our operational practices. For details on current backup configuration and retention policies applicable to your account, contact [email protected].

Cookies

When you first visit, a cookie banner lets you choose which cookies to allow. Essential cookies (authentication, CSRF protection) are always active. Analytics and marketing cookies are off by default until you consent.

You can update your preferences anytime in Settings > Privacy > Cookie Preferences or through the cookie banner.

For full cookie details, see our Privacy Policy.

Your responsibilities

Strong passwords

  • At least 12 characters
  • Mix of letters, numbers, and symbols
  • Different from other sites
  • Use a password manager

Two-factor authentication

  • Enable 2FA for an extra security layer
  • Use an authenticator app (more secure than SMS)
  • Save your backup recovery codes

General practices

  • Log out on shared devices
  • Use trusted networks
  • Keep your software updated
  • Report suspicious activity immediately

Reporting security issues

If you discover a vulnerability, email security@domavia.app.

Include a clear description, steps to reproduce, and potential impact. We acknowledge reports within 24 hours and investigate immediately.

We investigate all reports and respond within 24 hours. Contact us to discuss responsible disclosure.

Compliance

  • SOC 2: Security controls implemented in alignment with SOC 2 framework requirements (not yet independently audited)
  • ISO 27001: Information security management practices following ISO 27001 guidance (not yet independently audited)
  • GDPR: Platform designed for GDPR compliance for EU/EEA users
  • CCPA: Platform designed for CCPA compliance for California users

For questions about specific compliance controls or certification status, contact [email protected].

Questions

For security questions, contact security@domavia.app.

For privacy questions, see our Privacy Policy or contact privacy@domavia.app.

Privacy Policy

Domavia's commitment to protecting your personal data, explaining what information we collect, how we use it, and the choices available to you.

Frequently Asked Questions

Find answers to common questions about using Domavia for international property investment and mobility planning.

On this page

EncryptionAccess controlsInfrastructureApplication securityBackup and recoveryCookiesYour responsibilitiesStrong passwordsTwo-factor authenticationGeneral practicesReporting security issuesComplianceQuestions