FR EN

Domain and branding

This page covers your company's domain identity and the branding the citizen sees.

Domain verification and did:web identity

The company verifies a domain it controls. That verification mints its did:web identity of the form:

did:web:agreely.ca:c:{slug}

Agreely hosts the DID document for it and links it to your verified real domain via an alsoKnownAs link. The DID document publishes the company's public key or keys, which lets anyone verify your signatures without trusting Agreely.

Verified domain and active signing key required

Issuing signed consent requests requires both a verified domain and an active signing key. Without both, the company cannot produce the signatures a consent request carries.

For the cryptography underneath, see signatures and passkeys and the shape of DID documents.

Custom domain, Growth and up

From the Growth tier onward, the company can configure a custom domain: link its host and email domain, and publish the required SPF and DKIM records for email authentication. See the billing tiers for which tiers include the custom domain.

The company uploads a logo. On receipt, the logo is validated, re-encoded to a small square WebP, and its EXIF metadata is stripped. SVG files are refused for safety, since they can carry script.

The citizen sees this logo on the company cards of their dashboard and in the company-detail header. When there is no logo, a fallback shows the company's initials or emblem.

Fetched by an opaque handle

The citizen fetches the logo by an opaque handle, never by a raw company id. Nothing in how the logo is served lets anyone correlate a company across the citizen surfaces, which preserves unlinkability.

Next