Skip to main content

Security & Compliance

We know reliable security isn't optional. Certifications and rigorous compliance methods keep you and your guests safe.


We safeguard your most sensitive data with enterprise-grade security, through a combination of industry-leading technologies, ongoing certification, and more than a decade of experience and expertise.

User Connection and Communication Layer Security – TLS 1.2 + encryption protects all information flows and communication.

Operational and Physical Security – Fully redundant and replicated in real-time, our solutions operate from secure AT 101 SOC 2 Type 2 and ISO 27001 Compliant Data Facilities.

Document Encryption and Storage – Data and documents are stored using industry-leading protocols and encryption algorithms.

Document Audit Trail, Agreement Registry and Vault  – We provide a complete audit trail for all transactions, including each time a document is accessed and signed, along with the date, IP address, email address, hash record, and signing method.

Certifications – Sertifi is AppExchange Certified, HIPAA compliant, SOC 1 Type 2 and SOC 2 Type 2 compliant, and Veracode Verified. We are compliant with PCI Security Council Standards and conduct annual audits. Sertifi is also listed on the Cloud Security Alliance (CSA) registry.

PCI Level 1 Compliance

Sertifi is a validated PCI Compliance Level 1 service provider. Our solution has been independently verified for PCI Level 1 compliance by a PCI Security Standards Council Qualified Security Assessor.

We are also listed on the Visa Global Registry of Service Providers (see Sertifi).

View our PCI DSS Attestation of Compliance online:


As the Data Processor of your customer and end user information, we’ve implemented the necessary security, privacy, processes, and controls to meet obligations as a processor under Article 28 of GDPR. Our customers (you!) are the Data Controllers and have responsibilities to implement any available enhancements as well as any necessary policy, procedures, or notices. Visit Sertifi and GDPR or our Consumer Disclosure for more information.



The California Consumer Privacy Act (CCPA) gives California consumers greater control over the personal information that businesses like Sertifi collect. We follow CCPA regulations and provide notice of our privacy practices from our privacy policy.

Reliable & Scalable

You can count on Sertifi’s infrastructure to work when you need it, with SLA uptime guarantees of 99.9%. Our system is monitored 24 hours a day, 365 days a year, with multiple levels of redundancy and real-time visibility via our System Status page. Whether you’re processing 100 or 100,000 transactions, our tools are built to handle all of your requirements.


We integrate with other solutions to help our customers finalize business faster and securely. Our integration partners go through a rigorous certification process to ensure security and compliance requirements are met.

Secure Payments

In partnership with major payment providers and gateways, we help our customers collect secure payment information and payments with unprecedented security and simplicity. Leveraging the latest payment and tokenization technologies, we offer secure and PCI-compliant solutions that eliminate physical paper and make it easy to pay, while eliminating sensitive data from our customers’ environments.

3D Secure: 3DS is the process that authenticates high risk transactions by forcing payers to validate they have their credit card and that they are who they say they are. It is Sertifi’s solution that will allow customers in the EU to comply with the Second Payment Services Directive (PSD2) which is a law that requires two-factor authentication for payment processing.

Legally Binding

Electronic Signatures obtained through Sertifi are legally binding in accordance with global regulations, including the Electronic Signatures in Global and National Commerce Act of 2000 (ESIGN Act) and the Uniform Electronic Transactions Act (UETA) within the U.S., IDAS Regulation EU 910/2014 on electronic identification, trust services in the European Union, and other regulations throughout the world. Sertifi is certified and an active participant of the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.

Electronic Signatures & Global Compliance

To learn more about the different types of electronic signatures and electronic signature laws, view our guide.

Complete Audit Trail and Secure Agreements – All signed documents are hashed using SHA-256 to verify the integrity of the document and signatures, and can be optionally configured with tamper-proof seals to detect any changes to electronically signed documents.

Signer Authentication – Multiple options are available, including email-based authentication, log-in authentication, file password validation, knowledge-based authentication (ID Check), and SMS authentication.

Consumer Disclosure – Documents sent through Sertifi include a full consumer disclosure statement, informing signers of their rights. If they prefer not to sign electronically, signers can request paper copies. Sertifi offers an optional Print, Sign and Fax feature that allows an individual signer to apply a wet signature and still participate in the electronic transaction.

Intent to Sign – Sertifi requires signers to demonstrate their intent to sign a document by typing their name or signing with a mouse or finger on touch devices. We offer this higher-level of functionality in order to comply with standards governing intent; while other solutions might require only a click of the mouse, experts involved with creating the ESIGN Act suggest that this does not show as strong of an intent to sign.

For a full summary of our security features, refer to our guide.