At Certemy, we know how valuable your work is to you — after all, what’s more important than Data you upload to Certemy everyday? That’s why we work hard to respect your privacy and ensure that your data is always safe with us. Here are some of the ways in which we keep your Data private and your work secure.
At Certemy, we’re committed to privacy—that’s why our privacy policies are already consistent with the high standard of the new European data protection law known as GDPR, and why we’re ensuring we maintain those rights and extend them to all our users, inside and outside the EU.
All entered Data is private by default. Accessing your Data requires a user to have a Certemy account and be invited to view and modify your Data by an authorized user of your account.
You can also decide to make your Data viewable by others with a shared link and to allow others to download the Document.
All files are available through a URL (including images and when enabled, the downloadable Certemy document).
The URL cannot be guessed and all filenames are obfuscated.
All Certemy data is stored in the US (AWS datacenter). More on AWS security.
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
We have data encryption in transit, meaning all our data in the database, underlying storage, backups, replicas and snapshots passes through the encrypted channel.
Only a handful of people can access data and they only do so in order to improve the services we provide.
We monitor and audit our usage logs.
We use a number of third parties to store user data in order to provide/improve our services:
We send a monthly newsletter using Hubspot. This newsletter is only sent to customers who signed up specifically to receive the newsletter.
We send transactional and administrative emails through Mailchimp.
We use Google Analytics to track page views to improve usability of our marketing website and Web Certemy App.
We use Sentry to track errors that occur within Web Certemy App and the API. This also includes certain data that correlates with the error, but does not include sensitive customer information (passwords, tokens etc).
We use CloudFlare (as CDN) to distribute our resources for our marketing website
All payments are processed by Stripe. We don’t currently store any payment information or customer data from these transactions.
Our search functionality on Web Certemy App is powered by Amazon Elastic Search.
The environment that hosts the Certemy services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.