Security

Your Credentials, Fully Protected

You are trusting us with access to your domain registrars. We take that seriously. Every API key is encrypted at rest, processed server-side only, and never exposed to the browser.

Why teams choose this

Encrypted at Rest

Your registrar API keys are encrypted before they touch the database. Even in the unlikely event of a data breach, credentials remain protected.

Server-Side Only

API keys never leave the backend. Every registrar operation happens server-side. Your credentials are never sent to or accessible from the browser.

Least-Privilege Access

We only request the API permissions needed for the features you use. No unnecessary access to billing, account settings, or domain purchases.

How We Protect Your Credentials

When you add registrar credentials, they are encrypted using industry-standard encryption before storage. Decryption happens only at the moment of API communication, in a secure server-side context. The plaintext key exists in memory only for the duration of the API call.

Security You Can Verify

All data is transmitted over HTTPS. Sessions are managed with secure, httpOnly cookies. We implement rate limiting, CSRF protection, and input validation on every endpoint. Your domain registrations remain with your original registrars — we never take ownership.

Works with All 7 registrars

View full compatibility details

WHOIS & Privacy

Multi-Registrar Dashboard

Ready to simplify domain management?

Create a free account and connect your first registrar in under two minutes.

Explore Dashboard

Free forever plan · No credit card required