Privacy

How we handle your data

Enterprise privacy baseline for security review, procurement, and customer diligence. Certus is evidence-first and privacy-forward: we minimize collection, document processing, and support export and deletion workflows.

Data minimisation

Certus is designed to collect the minimum data required to deliver evidence workflows, automation telemetry, access control, and support. Repository source code remains in your SCM unless you explicitly provide it through another channel.

Regional residency

Production hosting, backup, and identity configuration can be aligned to enterprise residency and customer-specific deployment requirements. Regional and deployment commitments are finalized through your commercial agreement or pilot scope.

Access controls

Certus uses organization-scoped access controls, SSO-capable identity flows, hashed API credentials, and auditable administrative actions. Sensitive actions are restricted to authorized users and operational staff on a need-to-know basis.

CLI data handling

When certus scan runs with sync enabled, the following data is transmitted to the Certus platform. Source code is never uploaded.

Scan metadata
Timestamps, scanner versions, scan duration
Findings summary
Severity counts (critical/high/medium/low), grade (A-F), overall score
Evidence pack hash
SHA-256 HMAC signature for tamper detection
Repository identifiers
Owner/name (e.g. "org/repo-name"), not source code
Branch & commit
Branch name and commit SHA for traceability
Control mappings
Framework control IDs with pass/fail/partial status
Blueprint results
Blueprint slug, status, and summary — no raw scan output

Identity & access

How Certus authenticates users, manages API keys, and records access events.

Identity provider
Authentication is handled through Auth0-backed identity flows. Certus does not store plaintext passwords. Enterprise customers may use email/password, approved social login, or enterprise SAML/OIDC once provisioned for their environment.
Session tokens
Session state is stored in secure, HTTP-only cookies with SameSite=Lax. No tokens are placed in localStorage or exposed to client-side JavaScript.
API keys
API keys are hashed with SHA-256 before storage. Certus cannot recover a lost key — only regenerate a new one. Keys are org-scoped and compared using timing-safe equality to prevent side-channel attacks.
Audit trail
State-mutating actions such as scan uploads, key regeneration, membership changes, evidence exports, and administrative updates may be recorded in an audit trail with actor identity, action type, resource reference, and timestamp for security, forensics, and compliance operations.
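
An added illustration of the API key handling described above (not Certus code): a minimal in-memory store that keeps only SHA-256 digests, scopes each key to an organization, and verifies with a timing-safe comparison. The ApiKeyStore class, the "key_id.secret" key format, and the organization names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class ApiKeyStore:
    """Holds only SHA-256 digests of API keys, each bound to one organization."""

    def __init__(self):
        self._records = {}  # key_id -> (org_id, digest); plaintext is never kept

    @staticmethod
    def _digest(secret: str) -> bytes:
        # A plain hash is adequate only because the secret is 256 random bits,
        # not a human-chosen password.
        return hashlib.sha256(secret.encode("utf-8")).digest()

    def issue(self, org_id: str, key_id: str = "") -> str:
        """Create (or replace) a key and return the plaintext exactly once."""
        key_id = key_id or secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)
        self._records[key_id] = (org_id, self._digest(secret))
        return f"{key_id}.{secret}"  # hypothetical format: "<key_id>.<secret>"

    def regenerate(self, key_id: str) -> str:
        """A lost key cannot be recovered, so its digest is replaced instead."""
        org_id, _ = self._records[key_id]
        return self.issue(org_id, key_id)

    def verify(self, presented: str, org_id: str) -> bool:
        key_id, _, secret = presented.partition(".")
        # Unknown key ids are compared against a dummy digest so the
        # constant-time comparison runs on every request.
        stored_org, stored = self._records.get(key_id, ("", b"\x00" * 32))
        match = hmac.compare_digest(stored, self._digest(secret))
        return match and key_id in self._records and stored_org == org_id


if __name__ == "__main__":
    store = ApiKeyStore()
    key = store.issue("org-a")  # constructed sample organization
    print(store.verify(key, "org-a"), store.verify(key, "org-b"))
```
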

Encryption & evidence integrity

How data is protected in transit, at rest, and how evidence packs are cryptographically signed.

In transit
All connections to the Certus platform use HTTPS/TLS. HSTS and transport hardening headers are enforced on public production endpoints. CLI and browser traffic use encrypted transport.
At rest
Hosted service data is encrypted at rest using cloud-provider controls and managed key infrastructure appropriate to the deployment environment. Customer-specific keying and dedicated environments are handled through enterprise deployment scope.
Evidence signing
Evidence packs and related compliance artefacts may be signed or hashed to support integrity validation, tamper detection, and audit traceability.

Processing summary

Purpose
Compliance automation, audit evidence operations, product security workflows, access management, support, billing, and service reliability.
Primary infrastructure
Google Cloud infrastructure with Auth0 for authentication and identity workflows. Optional integrations are customer-enabled.
Retention
Retention depends on contract, blueprint settings, legal requirements, and customer configuration. Enterprise-specific retention schedules may be agreed in writing.
Contracting
Data processing terms, security exhibits, and regulated-workload addenda are available through enterprise contracting.

Need to execute a data subject request, review subprocessors, or request current security artefacts? Use the enterprise enquiry form. Requests are handled through the support and legal review process.

Your rights

Depending on your jurisdiction and contract, you may have rights to access, correct, export, restrict, or delete personal data processed by Certus.

Data export
Organization admins may export evidence, scan history, and operational records subject to plan features, contractual scope, and security controls.
Account deletion
Contact privacy@getcertus.cloud to request account deletion or tenant offboarding support. Fulfillment depends on legal retention obligations and active contractual commitments.
Data correction
Users and administrators may update profile and organization details directly where supported. For evidence-record corrections, contact your account owner or Certus support.
Contact
For privacy inquiries: privacy@getcertus.cloud. For security reports: security@getcertus.cloud. Procurement, DPA, and legal requests are routed through the enterprise review process.