Certyneo

Security and Compliance

Trust is at the heart of Certyneo. This page describes exactly what is in place today in our infrastructure and application.


Certyneo security — infrastructure and encryption

eIDAS Compliant

Our simple (SES) and advanced (AES with OTP email + SMS) signatures comply with the European Union's eIDAS regulation.

TLS 1.3 Encryption

All client-server communications are protected by TLS 1.3 via our reverse proxy (auto-renewed Let's Encrypt certificates).

Hosting in Germany (EU)

The application, PostgreSQL database, and object storage are hosted on our infrastructure in Germany (IONOS), within the European Union.

Signature Audit Trail

Every action (opening, OTP, signature, refusal, expiration) is timestamped and stored. An audit footer is integrated into the signed PDF.

Signer Authentication

For the advanced level (AES): dual OTP by email and SMS (via our OTP SMS provider). For sender login: email + password, Google, or Microsoft Entra.

GDPR

Compliance with the General Data Protection Regulation: right of access, rectification and erasure, processing register.

Regulatory Compliance

Certyneo complies with applicable European regulations on electronic signatures and data protection.

eIDAS

SES and AES Signatures

Simple electronic signature (SES) by default. Advanced electronic signature (AES) with OTP email + SMS for enhanced probative value under Regulation (EU) No 910/2014.

GDPR

Data Protection

Compliance with Regulation (EU) 2016/679. Data hosted within the European Union, documented retention period, processing register and DPA available upon request.

Our Security Practices

Here are the concrete measures deployed in production.

  • TLS 1.3 encryption for all HTTP communications (Caddy 2, Let's Encrypt)
  • AES-256 encryption for data at rest (documents and database), hosted in Germany
  • Scrypt hashing (with salt and timing-safe comparison) for user passwords
  • Single-use email verification and password reset tokens, 1-hour expiration
  • OTP (OTP SMS) for advanced signature, short validity, single use
  • Application-level rate limiting (Redis) by plan on sensitive endpoints
  • S3-compatible object storage with versioning enabled on documents
  • Timestamped audit log of each step in an envelope's lifecycle
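The password and token items in the list above describe a common pattern; the following is an added illustration written for this page, not Certyneo's code, showing scrypt hashing with a per-user random salt and a timing-safe comparison, plus single-use verification and reset tokens that expire after one hour. The scrypt cost parameters, the record layout and the in-memory token store are assumptions made for illustration (a real service would keep the token hashes in a database or Redis).

```python
"""Added example (not Certyneo's code): scrypt password hashing with a random
salt and timing-safe comparison, plus single-use tokens that expire after one
hour, matching the practices listed above. Cost parameters and the storage
layout are assumptions made for illustration."""
import hashlib
import hmac
import os
import secrets
import time

# scrypt cost parameters: assumed values, not necessarily Certyneo's.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16
DIGEST_BYTES = 32
TOKEN_TTL_SECONDS = 3600  # the page states a 1-hour expiration


def hash_password(password: str) -> str:
    """Hash with a fresh random salt; the parameters are stored alongside
    the digest so they can be raised later without breaking old records."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DIGEST_BYTES)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
        if algo != "scrypt":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                                   n=int(n), r=int(r), p=int(p), dklen=DIGEST_BYTES)
    except ValueError:
        return False  # malformed record: treat as a failed login, never raise
    return hmac.compare_digest(candidate, expected)


class TokenStore:
    """Single-use, time-limited tokens for email verification and password reset.

    Only the SHA-256 of each token is kept, so a leaked table does not yield
    usable tokens. In-memory dict here; a database or Redis in a real service."""

    def __init__(self, ttl_seconds=TOKEN_TTL_SECONDS):
        self.ttl = ttl_seconds
        self._entries = {}  # token hash -> (user_id, purpose, expires_at)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, purpose: str, now=None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._entries[self._key(token)] = (user_id, purpose, now + self.ttl)
        return token  # sent to the user once; the raw value is never stored

    def consume(self, token: str, purpose: str, now=None):
        """Return the user_id if the token is valid, else None. The token is
        removed on first presentation whatever the outcome, so it cannot be
        retried after an expired or mismatched attempt."""
        now = time.time() if now is None else now
        entry = self._entries.pop(self._key(token), None)
        if entry is None:
            return None
        user_id, stored_purpose, expires_at = entry
        if stored_purpose != purpose or now > expires_at:
            return None
        return user_id
```

Two details matter in practice: the comparison uses `hmac.compare_digest` rather than `==` so that verification time does not depend on how many leading bytes match, and a token is deleted on first presentation even when it turns out to be expired or issued for another purpose, so that a single token can never be tried again.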

Ready to Sign Securely?

5 free envelopes per month, no credit card required. eIDAS and GDPR compliance included.

Security Roadmap

Our upcoming steps to further strengthen trust and compliance.

  • Q4 2026

    ISO 27001 audit

    Planned

    ISO 27001 certification audit planned with an accredited organization.

  • 2027

    SOC 2 Type II

    Planned

    SOC 2 Type II report covering security, availability and confidentiality.

Responsible Disclosure

Found a security vulnerability? Report it to us responsibly, without public disclosure. We acknowledge receipt within 48 working hours.

security@certyneo.com

Data Processing Agreement

Our DPA details Certyneo's obligations as a sub-processor within the meaning of the GDPR, including the technical and organizational measures in place.

Download the DPA (PDF)

Certyneo Security Frequent Questions

Where is Certyneo data hosted?

Your data is hosted exclusively in Germany (IONOS SE, Frankfurt), in the European Union. No replication or sub-processing on servers outside the EU.

Is Certyneo subject to the American Cloud Act?

No. Certyneo is a French entity (SAS under French law) and is not subject to the extraterritorial reach of the American Cloud Act. Unlike DocuSign, Adobe Sign or Dropbox Sign (American companies), American authorities cannot compel Certyneo to disclose your data.

Is Certyneo GDPR compliant?

Yes. Certyneo is GDPR compliant: EU hosting, TLS 1.3 encryption in transit and AES-256 at rest, DPA available (GDPR Article 28), limited and documented retention, access and deletion rights respected.

How are signed documents protected against falsification?

Each signed document is protected by a cryptographic seal (SHA-256 hash) recorded in the timestamped audit trail. Any modification of the document after signature invalidates the seal and is detected immediately. The audit trail is retained for 10 years.
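To make the seal-and-audit-trail answer concrete, here is an added illustration written for this page, not Certyneo's code, of how a SHA-256 seal recorded in a timestamped audit trail lets a later verification detect any modification of the document. The event names, the trail layout and the sample bytes standing in for a signed PDF are assumptions made for illustration.

```python
"""Added example (not Certyneo's code): a SHA-256 document seal recorded in a
timestamped audit trail, with a verification step that detects any later
modification. Event names, the trail layout and the sample bytes are
assumptions made for illustration."""
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed stand-in for a signed PDF; a real file would be read from storage.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n"
              b"%% signed by alice@example.test\n%%EOF\n")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuditTrail:
    """Append-only list of timestamped lifecycle events, one per envelope step."""

    def __init__(self):
        self.events = []

    def record(self, envelope_id, event, timestamp=None, **details):
        ts = timestamp or datetime.now(timezone.utc)
        entry = {"envelope_id": envelope_id, "event": event,
                 "timestamp": ts.isoformat(), **details}
        self.events.append(entry)
        return entry

    def seal_for(self, envelope_id):
        """Return the most recently recorded seal for an envelope, or None."""
        for entry in reversed(self.events):
            if entry["envelope_id"] == envelope_id and entry["event"] == "sealed":
                return entry["document_sha256"]
        return None


def seal_document(trail, envelope_id, pdf_bytes, timestamp=None):
    """Hash the final document bytes and write the seal into the audit trail."""
    digest = sha256_hex(pdf_bytes)
    trail.record(envelope_id, "sealed", timestamp, document_sha256=digest)
    return digest


def verify_document(trail, envelope_id, pdf_bytes):
    """Recompute the hash of the presented bytes and compare with the seal."""
    actual = sha256_hex(pdf_bytes)
    expected = trail.seal_for(envelope_id)
    if expected is None:
        return {"status": "no_seal", "expected": None, "actual": actual}
    intact = hmac.compare_digest(actual, expected)
    return {"status": "intact" if intact else "tampered",
            "expected": expected, "actual": actual}


def demo():
    """Walk one envelope through its lifecycle, then verify an intact copy,
    a copy altered after sealing, and an envelope that was never sealed."""
    trail = AuditTrail()
    trail.record("env-1", "opened", signer="alice@example.test")
    trail.record("env-1", "otp_verified", channel="sms")
    trail.record("env-1", "signed", signer="alice@example.test")
    seal_document(trail, "env-1", SAMPLE_PDF)
    altered = SAMPLE_PDF + b"%% appended after sealing\n"
    return (verify_document(trail, "env-1", SAMPLE_PDF)["status"],
            verify_document(trail, "env-1", altered)["status"],
            verify_document(trail, "env-2", SAMPLE_PDF)["status"])


if __name__ == "__main__":
    print(demo())
```

The seal is only as trustworthy as the trail that stores it, so in a real deployment the audit trail must be append-only and protected from the same writers who could alter the document; the verification itself is just a recomputation of the hash over the exact bytes that were sealed.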
Does Certyneo offer a DPA (Data Processing Agreement)?

Yes. Certyneo offers a DPA compliant with GDPR Article 28, which you can sign electronically from your dashboard or request from us. It details the sub-processors, the technical and organizational measures (TOMs), and the rights of data subjects.