All Collections
Compliance and Regulation
Security, GDPR, and more
Security: required services used by doxy.me
Security: required services used by doxy.me

Understand the three primary services used to maintain our platform.

Dylan Turner avatar
Written by Dylan Turner
Updated over a week ago

When setting up your local network to work with doxy.me, we ask you to ensure that eight doxy.me domains are whitelisted.

In this article, we explain further what services those domains support and how they assist doxy.me in maintaining our service.

Doxy.me is built on top of the open-source real-time communication standard WebRTC. Real-time communication creates many challenges, including signaling and routing, adaptive quality adjustments, cross-platform support, scalability, and uptime, as well as error handling. By utilizing tokbox's OpenTok platform, doxy.me can focus less on the infrastructure required to deliver HIPAA-compliant real-time video and audio communications between a provider and patient, and more on the features needed for day-to-day telemedicine.

Doxy.me uses tokbox's OpenTok platform to implement screen sharing and group calling, proactively adapt to changes in network quality and ensure the service works in corporate environments without the need to change the network configuration and risk compromising user safety. Additionally, OpenTok ensures any call that takes place on doxy.me's service is end-to-end encrypted using AES-128, any errors are logged and archived using encryption for further investigation, and that all potentially sensitive or personally identifying data is made anonymous or completely removed from logs. 

Whitelisted domains: *.tokbox.com, *.opentok.com

Pubnub allows Doxy.me to detect in real-time when providers are online and in their waiting rooms, as well as when patients have arrived in the waiting room and are ready to be seen by their provider. This detection helps notify a provider that a patient is ready for care and prepares the service to start a video or audio call.

Doxy.me also utilizes Pubnub's robust infrastructure built to provide HIPAA-compliant real-time text-based chat. Pubnub's chat infrastructure is reliable, fast, end-to-end encrypted using AES-256, GDPR compliant and Privacy Shield certified, and protected from any unauthorized access or manipulation. 

Whitelisted domains: pdnsn.com, *.pubnub.com

For mail services and password resets, please make sure to allow mandrillapp.com.

We maintain BAAs with all vendors as required under HIPAA

If you have any other questions, please contact our support team.

Did this answer your question?