Security Statement

EFFECTIVE DATE: 11/09/2022

At Certemy, we know how valuable your work is to you — after all, what’s more important than Data you upload to Certemy everyday? That’s why we work hard to respect your privacy and ensure that your data is always safe with us. Here are some of the ways in which we keep your Data private and your work secure.

Certemy and the EU General Data Protection Regulation (GDPR)

At Certemy, we’re committed to privacy—that’s why our privacy policies are already consistent with the high standard of the new European data protection law known as GDPR, and why we’re ensuring we maintain those rights and extend them to all our users, inside and outside the EU.

How is my data safe?

Complete control over who can access your Data

All entered Data is private by default. Accessing your Data requires a user to have a Certemy account and be invited to view and modify your Data by an authorized user of your account.

You can also decide to make your Data viewable by others with a shared link and to allow others to download the Document.

Direct file access is protected behind the following security measures

  • All files are available through a URL (including images and when enabled, the downloadable Certemy document).

  • The URL cannot be guessed and all filenames are obfuscated.

Where is my data stored?

All Certemy data is stored in the US (AWS datacenter). More on AWS security.

Is my data secure?

  • All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.

  • We have data encryption in transit, meaning all our data in the database, underlying storage, backups, replicas and snapshots passes through the encrypted channel.

  • Only a handful of people can access data and they only do so in order to improve the services we provide.

  • We monitor and audit our usage logs.

What Third Party services do you use?

We use a number of third parties to store user data in order to provide/improve our services:

  • We send a monthly newsletter using Hubspot. This newsletter is only sent to customers who signed up specifically to receive the newsletter.

  • We send transactional and administrative emails through Mailchimp.

  • We use Google Analytics to track page views to improve usability of our marketing website and Web Certemy App.

  • We use Sentry to track errors that occur within Web Certemy App and the API. This also includes certain data that correlates with the error, but does not include sensitive customer information (passwords, tokens etc).

  • We use CloudFlare (as CDN) to distribute our resources for our marketing website

  • All payments are processed by Stripe. We don’t currently store any payment information or customer data from these transactions.

  • Our search functionality on Web Certemy App is powered by Amazon Elastic Search.

  • Our Customer Support team use Mailchimp and Hubspot to provide email and social media support for users.

Compliance

The environment that hosts the Certemy services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

You can find out more about our policies in our Terms of Service and Privacy Statement. If you have any questions about security at Certemy, please contact our Customer Support team.