Editorial since 2015 · Trusted by 1,200+ filings
Security architecture

Your documents and identity, protected at every step.

End-to-end encryption, EU-only hosting, strict data separation. Here is what we have in place.

The 6 pillars

A security architecture built for sensitive legal acts.

TLS 1.3 encryption in transit

All exchanges between your browser and our servers are encrypted with TLS 1.3 using modern cipher suites (ECDHE-ECDSA-AES256-GCM-SHA384). Older TLS versions (1.0, 1.1, 1.2) are disabled.

AES-256 encryption at rest

Uploaded documents and identity data are encrypted at rest with AES-256. Encryption keys are stored in a separate KMS service, never co-located with the data.

EU-only hosting

All signing operations and data storage happen on EU-hosted servers (Paris and Dublin regions). No data is transmitted outside the EU as part of operational service.

Strict data separation

Identity data (IDs, photos), documents to sign, payment information and technical logs are stored in separate databases with distinct access controls per category.

Full GDPR compliance

Processing register maintained, GDPR-compliant subprocessors, access/rectification/erasure rights honored within 30 days, DPO reachable. See our privacy policy.

Automatic deletion

The signed document is automatically deleted from our systems 30 days after delivery (unless explicitly extended). Identity documents are retained strictly for the eIDAS minimum period (10 years).

No banking data storage

Certif Europe stores no banking data. All payments are handled by Stripe, certified PCI DSS Level 1 (the highest banking compliance level). Card data is entered directly in Stripe's environment and never transits our servers.

Fraud detection & prevention

We apply automated checks on every order:

  • Consistency check between declared identity and payment method
  • Identity-spoofing detection (deepfake, retouched photo, modified document)
  • Per-IP / browser-fingerprint rate limiting on multiple attempts
  • Cross-checking against EU sanctions lists

Audits & partner QTSP certifications

Our partner Qualified Trust Service Provider undergoes annual audits by an accredited compliance body (CAB), in accordance with Article 17 of the eIDAS Regulation. Audit reports are submitted to the national supervisory body (ANSSI in France).

Certifications applicable to our partner QTSP typically include:

  • ETSI EN 319 411-1 (general policy for QTSPs)
  • ETSI EN 319 411-2 (qualified certificate policy)
  • ISO 27001 (Information Security Management System)
  • ANSSI (Référentiel Général de Sécurité — RGS qualification)

Service continuity

The Certif Europe infrastructure is designed for 99.9% availability. In case of incident:

  • Automatic failover to a secondary EU region in under 5 minutes
  • Daily encrypted backup of critical data
  • Disaster recovery plan tested every six months

Reporting a security incident

If you discover a vulnerability or potential security flaw, write immediately to security@certifeurope.com. We acknowledge receipt within 24 business hours and investigate within 48 hours. Per our responsible disclosure policy, good-faith security researchers are protected from any legal action.

Question about our architecture?

We document our full stack for institutional buyers.