Resources · Trust Center

Security and transparency by design.

MachineCert is built by a security company, for security teams. Here is how we protect your data, run our infrastructure, and earn the trust of the enterprises that rely on us.

SOC 2 Type II · ISO 27001 · HIPAA · GDPR

Trust dashboard: all systems operational
Encryption in transit: TLS 1.3
Encryption at rest: AES-256
Private keys collected: never
Uptime (90d): 99.98%
Open incidents: 0

Security controls

How we protect your data.

Security overview

Defense-in-depth across application, data, and infrastructure layers.

Data handling

Certificate metadata only — private keys are never collected or stored.

Encryption

TLS 1.3 in transit, AES-256 at rest, with managed key rotation.

Infrastructure

Hardened, isolated cloud infrastructure with least-privilege access.

Incident response

A documented, tested process with defined SLAs and notification.

Logging & monitoring

Comprehensive audit logging and continuous security monitoring.

Data handling architecture

Private keys never leave your environment.

In your environment
Your keys stay home: never transmitted
Metadata only: subject · issuer · expiry
Encrypted metadata: TLS 1.3 · AES-256

Transparency

Everything you need to evaluate us.

Availability

99.9%+ uptime with a public status page.

Subprocessors

A current, published list of all subprocessors.

Security contact

A dedicated channel for vulnerability reports.

Documentation

Architecture and security docs on request.

Certifications

SOC 2 Type II, ISO 27001, HIPAA, GDPR.

Pen testing

Regular third-party penetration testing.

FAQ

Security & trust, answered.

No. MachineCert works exclusively with certificate metadata — subject, issuer, validity dates, key type, chain, and host. Private keys are never collected, transmitted, or stored.
MachineCert maintains SOC 2 Type II and ISO 27001, and supports HIPAA and GDPR requirements. Audit reports and documentation are available to customers and prospects under NDA.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256, with managed key rotation and strict access controls.
The agent reads certificate metadata locally and transmits only that metadata over an encrypted channel. It never exfiltrates private keys or other secrets.
We maintain a documented, regularly tested incident response plan with defined severity levels, response SLAs, and customer notification procedures.
A current list of subprocessors is published and maintained in the Trust Center, and customers are notified of material changes.
Use the dedicated security contact in the Trust Center. We acknowledge reports promptly and work with researchers under responsible disclosure.
MachineCert targets 99.9%+ availability, backed by a public status page and enterprise SLAs for applicable plans.

Talk to us

Questions for our security team?

Request our SOC 2 report, security documentation, or a conversation with the team that builds MachineCert.