Security

Last updated: December 2025

Our Commitment

Security is foundational to Domain Collective. You trust us with your registrar credentials, and we take that responsibility seriously.

How We Protect Your Data

Encryption

All connections use TLS encryption
Registrar credentials are encrypted at rest using AES-256
Credentials are only decrypted in memory when calling registrar APIs

Access Control

Your credentials are never visible to our team
Production access is restricted with hardware security keys
Every sensitive action is logged for auditing

Infrastructure Security

Hosted on secure cloud infrastructure with DDoS protection
Rate limiting prevents credential stuffing and abuse
Automated security monitoring and alerting

Development Practices

All code changes are peer-reviewed
Automated security scanning for dependencies
Critical patches applied within 24 hours

Your Responsibilities

Keep your registrar API credentials secure
Enable MFA on your registrar accounts where available
Review the activity feed for suspicious actions
Report any security concerns immediately

Bug Bounty & Responsible Disclosure

We welcome security researchers to help us improve. If you find a vulnerability:

Email security@collective.domains
Include steps to reproduce and potential impact
Avoid testing against customer data
Allow us reasonable time to fix before disclosure

We will acknowledge your report within 24 hours and keep you updated on our progress. We appreciate your help in keeping Domain Collective secure.

Incident Response

If a security incident occurs:

We notify affected users promptly via email
Status updates are posted to our status page
We conduct thorough post-incident reviews

Security questions? Email security@collective.domains.