
Security & Trust

Built for enterprise compliance from day one. Transparent security practices and independent audits.

SOC 2 Type II: In Progress
GDPR: Compliant
Encryption: 256-bit AES
Uptime SLA: 99.9%

Compliance Certifications

Independently audited security and compliance standards

SOC 2 Type II (In Progress)

CertNode is currently undergoing SOC 2 Type II audit with an independent third-party auditor. Expected completion: Q2 2025.

Security controls implemented and tested
6-month observation period underway
Audit readiness assessment passed

Auditor: [Audit firm name withheld until completion]

GDPR Compliant

CertNode is compliant with the EU General Data Protection Regulation (GDPR).

Data Processing Agreements (DPA) available
Right to erasure (deletion) implemented
Data portability (export) available
EU data residency options

HIPAA Available (Enterprise)

HIPAA-compliant infrastructure available for Enterprise customers handling PHI.

Business Associate Agreement (BAA) available
PHI encryption at rest and in transit
Access logging and audit trails

Contact sales for HIPAA-compliant deployment

PCI DSS Level 1

CertNode does not store, process, or transmit payment card data. We create receipts after payment processing.

No card data storage, so no PCI scope
Integrates with PCI-compliant payment processors (Stripe)

Infrastructure Security

Enterprise-grade security built on industry-leading cloud infrastructure


Encryption Everywhere

At rest: AES-256 encryption for all data
In transit: TLS 1.3 for all connections
Key management: AWS KMS with rotation
Database: Encrypted PostgreSQL (Supabase)

Access Control

Authentication: SSO via SAML/OIDC (Enterprise)
MFA: Required for all admin accounts
RBAC: Role-based access control
API keys: Scoped permissions and rotation

Monitoring & Logging

Audit logs: All API calls logged and retained
Intrusion detection: AWS GuardDuty + Cloudflare WAF
Anomaly detection: AI-powered threat detection
Uptime monitoring: 24/7 automated monitoring

Backups & Recovery

Automated backups: Hourly incremental, daily full
Retention: 30 days point-in-time recovery
Geo-redundant: Multi-region replication
RTO/RPO: 4-hour RTO, 1-hour RPO (Enterprise)

Cloud Infrastructure

AWS: SOC 2, ISO 27001, FedRAMP certified
Vercel: Edge network with DDoS protection
Supabase: PostgreSQL with Row Level Security
Cloudflare: WAF, DDoS protection, rate limiting

Security Testing

Penetration tests: Annual third-party pentests
Vulnerability scans: Weekly automated scanning
Dependency scanning: Continuous CVE monitoring
Bug bounty: Private program (invite-only)

Security Team & Processes

Security Team

CertNode's security is overseen by experienced security engineers with backgrounds in cryptography, compliance, and infrastructure security.

• Dedicated security engineering team
• 24/7 security monitoring and incident response
• Quarterly security training for all employees
• Background checks for all team members with data access

Incident Response

We maintain a formal incident response plan with defined procedures for detection, containment, and recovery.

Detection: Automated alerts for anomalies
Response time: <1 hour for critical incidents
Communication: Transparent disclosure within 72 hours
Post-mortem: Public reports for all incidents affecting customers

Responsible Disclosure

We welcome security researchers to report vulnerabilities through our responsible disclosure program.

Report: security@certnode.io (PGP key available)
Response time: Initial response within 24 hours
Remediation: Critical issues patched within 7 days
Recognition: Security Hall of Fame + bounties (private program)

Transparency & Accountability

Real-time visibility into our security and operational status


Status Page

Real-time uptime and performance metrics


Security Reports

Download our latest security reports


Security Contact

Report security issues or ask questions

security@certnode.io