Security

Built to be trusted with your data.

DomeTech sits in the middle of your product and your customers, so security is a first-class concern. Here is how the platform is designed to protect data and stay secure.

Encrypted in transit

All API traffic and webhook delivery is served over TLS. Nothing moves between you and DomeTech in the clear.

Scoped API keys

Separate test and live keys with granular scopes. Rotate or revoke any key instantly from the dashboard.

Signed webhooks

Every webhook is HMAC-signed so your product can verify that a delivery genuinely came from DomeTech.

Managed infrastructure

The platform runs on managed, reputable cloud providers, with least-privilege access between services.

Purpose-bound processing

Source media is processed to generate the assets you request, and handled in line with our data processing terms.

Per-org isolation

Usage, keys and rate limits are scoped per organisation, so one tenant can never reach another tenant's data.

Doing due diligence?

We are happy to walk through our architecture, data handling, data processing terms and infrastructure in detail. Get in touch and we will share the relevant documentation for your review.

Request security documentation