Technology & Security
We safeguard your most sensitive data with enterprise-grade security, through a combination of industry-leading technologies, ongoing certification, and more than a decade of experience and expertise.
User Connection and Communication Layer Security – TLS 1.2+ encryption protects all information flows and communication.
Operational and Physical Security – Fully redundant and replicated in real-time, our solutions operate from secure AT 101 SOC 2 Type 2 and ISO 27001 Compliant Data Facilities.
Document Encryption and Storage – Data and documents are stored using industry-leading protocols and encryption algorithms.
Document Audit Trail, Agreement Registry and Vault – We provide a complete audit trail for all transactions, including each time a document is accessed and signed, along with the date, IP address, email address, hash record, and signing method.
Certifications – Sertifi is AppExchange Certified and HIPAA compliant, and operates from AT 101 SOC 2 Type 2 audited data facilities. We are compliant with PCI Security Council Standards and conduct annual audits. Sertifi is also listed on the Cloud Security Alliance (CSA) registry.
PCI Level 1 Compliance
Sertifi is a validated PCI Compliance Level 1 service provider. Our solution has been independently verified for PCI Level 1 compliance by a PCI Security Standards Council Qualified Security Assessor.
As the Data Processor of your customer and end user information, we’ve implemented the necessary security, privacy, processes, and controls to meet obligations as a processor under Article 28 of GDPR. Our customers (you!) are the Data Controllers and have responsibilities to implement any available enhancements as well as any necessary policy, procedures, or notices. Visit Sertifi and GDPR or our European User Disclosure for more information.
Reliable & Scalable
You can count on Sertifi’s infrastructure to work when you need it, with SLA uptime guarantees of 99.9%. Our system is monitored 24 hours a day, 365 days a year, with multiple levels of redundancy and real-time visibility via our System Status page. Whether you’re processing 100 or 100,000 transactions, our tools are built to handle all of your requirements.
Our solution seamlessly integrates with leading CRM systems like Salesforce through pre-built integrations, or into your existing applications, websites, or back-end systems using our web service API. In addition, we are proud to partner with payment providers and gateways, Zuora and other billing tools, and hospitality systems such as Delphi.fdc.
Electronic signatures obtained through Sertifi are legally binding in accordance with global regulations, including the Electronic Signatures in Global and National Commerce Act of 2000 (ESIGN Act) and the Uniform Electronic Transactions Act (UETA) within the U.S., the eIDAS Regulation (EU) 910/2014 on electronic identification and trust services in the European Union, and other regulations throughout the world. Sertifi is certified under, and an active participant in, the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
Complete Audit Trail and Secure Agreements – All signed documents are hashed using SHA-256 to verify the integrity of the document and signatures, and can be optionally configured with tamper-proof seals to detect any changes to electronically signed documents.
Signer Authentication – Multiple options are available, including email-based authentication, log-in authentication, file password validation, knowledge-based authentication (ID Check), and SMS authentication.
Consumer Disclosure – Documents sent through Sertifi include a full consumer disclosure statement, informing signers of their rights. If they prefer not to sign electronically, signers can request paper copies. Sertifi offers an optional Print, Sign and Fax feature that allows an individual signer to apply a wet signature and still participate in the electronic transaction.
Intent to Sign – Sertifi requires signers to demonstrate their intent to sign a document by typing their name or signing with a mouse or finger on touch devices. We offer this higher level of functionality in order to comply with standards governing intent; while other solutions might require only a click of the mouse, experts involved with creating the ESIGN Act suggest that this does not show as strong an intent to sign.
In partnership with major payment providers and gateways, we help our customers collect secure payment information and payments with unprecedented security and simplicity. Leveraging the latest payment and tokenization technologies, we offer secure and PCI-compliant solutions that eliminate physical paper and make it easy to pay, while eliminating sensitive data from our customers’ environments.
3D Secure: 3DS is the process that authenticates high-risk transactions by requiring payers to validate that they have their credit card and that they are who they say they are. It is Sertifi’s solution for allowing customers in the EU to comply with the Second Payment Services Directive (PSD2), a law that requires two-factor authentication for payment processing.