1. The Information We Collect and Store
We may collect and store the following information when running the DOMA Service:
Information You Provide: User accounts for our Services contain name, email address, and user name. When posting records/documents to the Service, metadata is attached to each file uploaded. This metadata is customer defined and may contain personally identifiable information (“PII”) or protected health information (“PHI”).
Files: We collect and store the files you upload, download, or access with the DOMA Service (“Files”). These files may contain PHI or PII.
Log Data: When you use the Service, we automatically record information from your Device, its software, and your activity using the Services. This may include the Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service.
Cookies: We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. DOMA uses Session ID cookies to safeguard customer access to the site. Closing Internet Explorer eliminates the cookies when your session is complete. No cookies are permanently maintained by DOMA on customer workstations. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.
2. Personal Information
Personal Information: In the course of using the Service, we may collect personal information that can be used to contact or identify you or your uploaded documents (“Personal Information”). Personal Information is or may be used: (i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, and (v) to provide or offer software updates and product announcements.
Analytics: We also collect some information (ourselves or using third-party services) using logging and cookies, which can sometimes be correlated with Personal Information. We use this information for the above purposes and to monitor and analyze use of the Service, for the Service’s technical administration, to increase our Service’s functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests. As of the date this policy went into effect, we use Google Analytics.
3. Information Sharing and Disclosure
Compliance with Laws and Law Enforcement Requests; Protection of DOMA's Rights: In compliance with United States law, DOMA cooperates with United States law enforcement when it receives valid legal process, which may require DOMA to provide the contents of your DOMA Service. We may disclose to parties outside DOMA data and information stored in the DOMA Application when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of DOMA or its users; or (d) protect DOMA’s property rights. If we provide your DOMA files to a law enforcement agency as set forth above, we will remove DOMA’s encryption from the files before providing them to law enforcement. However, DOMA will not be able to decrypt any files that you encrypted prior to storing them on DOMA.
Non-private or Non-Personal Information: We may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Service.
4. Data Retention
We will retain your information for as long as your account is active or as needed to provide you services. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. When your account is no longer active, or a request has been submitted to purge data, all data including backups and replicated data are permanently removed.
While no method of electronic transmission or storage is 100% secure, we follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. DOMA follows National Institute of Standards and Technology (NIST) guidelines for general practices for securing IT systems, and all encryption algorithms used meet FIPS 140-2 criteria.
Secure Storage: We encrypt the files that you store on DOMA using FIPS 140-2 approved encryption, the same encryption standard approved for Federal Government use. Encryption for storage is applied prior to transmission and we manage the encryption keys.
DOMA uses multiple storage area networks (“SAN”) for data storage. This data is stored at two large-scale data centers. These FISMA Moderate and SSAE 16 compliant data centers are located in Richmond, VA and Atlanta, GA.
Secure Transfers: Your files are sent between DOMA’s desktop clients and our servers over a secure channel using TLS (Transport Layer Security) encryption, the standard for secure Internet network connections.
Your Data is Backed Up: DOMA keeps redundant backups of all data over multiple locations to prevent the remote possibility of data loss. Multiple copies of data are kept online and onsite in our Richmond, VA data center while additional copies are replicated to the Atlanta SAN minutes after posting to the Richmond SAN.
User and Password Security: User sessions within the Service are automatically terminated after 20 minutes of inactivity. This session timer can be shortened if required by contacting the DOMA Support Helpdesk (firstname.lastname@example.org). User passwords are stored in individual customer databases, and are always stored in an encrypted state. DOMA employees do not have access to the passwords and do not have the capability to provide users with an existing password. The DOMA Service uses the following password complexity requirements for new passwords: Valid passwords must contain at least 8 characters (40 max), 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 symbol or special character.
Password change intervals can be assigned to groups within the DOMA Service.
Privacy: DOMA employees are prohibited from viewing the content of files you store in your DOMA account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in this policy (e.g., when legally required to do so, or directly working with customers). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.
6. Training and Education
DOMA is committed to the education and development of its employees. All employees undergo annual awareness training covering such topics as Information Assurance, Privacy, and Security. Employees also receive training on a broad range of topics depending on their specific job duties and areas of responsibility. As part of our commitment to the ISO 9001:2008 standard, we strive to keep all of our employees current with company policy and procedure, as well as technological updates in our industry. DOMA also provides educational reimbursement for employees seeking training outside the corporate environment.
7. Contacting Us