Security & Privacy

1. Core principles

• Integrity: Records are designed to remain traceable and make later changes detectable (depending on setup via checksums/references).
• Confidentiality: Access to protected areas is role- and permission-based. Data access follows a “need-to-know” principle.
• Availability: Operations aim for stable availability, traceable deployments, and fast incident handling.
• Data minimization: We process only the data required to provide the service. Scope and details may vary depending on usage/features.

2. Access control

Account and administrative access is handled through authentication and session management. Permissions follow “need-to-know”. Sensitive actions are validated server-side and protected against unauthorized execution.

3. Transport & data security

Data in transit is typically protected via TLS. Server-side safeguards (e.g., secure configuration, access restrictions, secret handling) are implemented to reduce attack surface. Concrete technical details may vary by hosting/setup.

4. Logging & abuse prevention

Technical logs (e.g., server logs) may be generated for troubleshooting, stability, and attack detection. This supports secure operations and abuse prevention. For details about personal data processing, see the Privacy Policy.

5. Blockchain references (integrity)

Certifylize can anchor cryptographic checksums (hashes) and technical references to support later consistency checks. Important: anchoring is not a legal assessment and not a compliance guarantee—it provides integrity/traceability signals.

6. Responsibilities

Customers/issuers are responsible for the content they provide in certificates or metadata (e.g., product data, documents, validity statements). Certifylize provides the technical platform and verification pathways.

7. Reporting security issues

If you believe you found a security issue, please contact us at support@certifylize.com. Please do not send sensitive data unencrypted.