Security at every layer.
MachineCert is built by a security company. Here is how we protect your data across application, data, and operational layers — metadata only, never your private keys.
How we protect your data.
TLS 1.3 in transit and AES-256 at rest, with managed key rotation.
SSO / SAML and MFA support, with strong session and credential handling.
Role-based access control with least-privilege defaults and scoped staff access.
Comprehensive, tamper-evident audit logs across the platform.
Secrets are isolated and encrypted; private keys never leave your environment.
Code review, dependency scanning, and regular third-party penetration testing.
Metadata only — by design.
MachineCert processes certificate metadata only; private keys are never collected or stored.
We collect only what’s needed to operate and secure the service.
A current subprocessor list and security documentation are available on request.
Security questions?
We’re glad to answer.
Request documentation, our subprocessor list, or a conversation with the team that builds MachineCert.