Data handling

Client data is scoped to what is necessary to run the engagement. Domain portfolios and watchlists are encrypted at rest and in transit. We do not commingle client data across engagements. We do not store classified or controlled unclassified information. Access to client data is limited to the operator and to specific service-provider integrations documented in the engagement agreement.

Infrastructure

DomainSafe infrastructure runs on US-based cloud providers with SOC 2 Type II posture (AWS, Cloudflare, Anthropic). The CZDS ingest pipeline is operated under ICANN's approval terms.

Incident response

If we detect a security incident affecting your data, we notify you within 24 hours of confirmation and provide a written summary of impact, remediation, and follow-up steps. We coordinate with your security team on disclosure timing where regulatory or legal obligations apply.

Procurement and audit

For engagements that require it, we sign a data processing addendum (DPA) and a service-specific SLA. We respond to security questionnaires from buyers' procurement teams. We do not currently hold SOC 2 attestation as a sole-operator entity; the infrastructure we run on does, and we are documenting the supplemental controls that close the gap for buyers who require it.

Contact

Security questions: daniel@domainsafe.com. The operator responds.