This page consolidates Certisyn's public posture across security, privacy, residency, key management, and audit readiness. It is the page institutional procurement, sovereign counsel, and Big-Four risk leadership look at first. Each statement here is supported by an artefact under it.
AAA+ on Certisyn's public posture rubric. Continuous measurement of cryptographic integrity, access-control integrity, and dependency integrity. Posture attestations accompany every verification output.
Security overview (PDF)HSM-backed key custody. Post-quantum primitive substitution path built into the attestation protocol from inception. Sealed records remain valid as cryptographic standards shift.
Per-customer residency attestation against the jurisdiction of operation. Cross-jurisdiction handoff requires admitted-approver signatures, recorded to the residency audit chain.
Subject-entity consent governs onward use of every artefact. Bounded-disclosure protocol restricts disclosure to the minimum content necessary for the reliance decision context.
Privacy policy (PDF)The Data Processing Addendum is signature-ready and aligned to GDPR, CCPA, and equivalent regimes. Sub-processor list is on request.
DPA (PDF)Append-only derivation chain replayable on supervisory demand. Sealed outputs are verifiable against the chain without trusting the issuer.
Generative tooling does not sit in the load-bearing path. Every load-bearing decision is deterministic and reproducible.
Responsible AI statement (PDF)Standard mutual non-disclosure instrument available for diligence engagements. Counterparty redlines accepted under counsel review.
Mutual NDA (PDF)